Total
718 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42147 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2024-11-21 | 7.5 High |
| An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. | ||||
| CVE-2023-42144 | 1 Shelly | 2 Trv, Trv Firmware | 2024-11-21 | 5.5 Medium |
| Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | ||||
| CVE-2023-42016 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | ||||
| CVE-2023-41088 | 1 Dexma | 1 Dexgate | 2024-11-21 | 6.3 Medium |
| The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application. | ||||
| CVE-2023-40544 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-11-21 | 5.7 Medium |
| An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | ||||
| CVE-2023-3763 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3761 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3361 | 2 Opendatahub, Redhat | 2 Open Data Hub Dashboard, Openshift Data Science | 2024-11-21 | 7.7 High |
| A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. | ||||
| CVE-2023-3272 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 7.5 High |
| Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. | ||||
| CVE-2023-39172 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2024-11-21 | 9.1 Critical |
| The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. | ||||
| CVE-2023-39086 | 1 Asus | 2 Rt-ac66u B1, Rt-ac66u B1 Firmware | 2024-11-21 | 7.5 High |
| ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. | ||||
| CVE-2023-38276 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-11-21 | 5.9 Medium |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | ||||
| CVE-2023-38275 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-11-21 | 5.9 Medium |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | ||||
| CVE-2023-36673 | 1 Avira | 1 Phantom Vpn | 2024-11-21 | 7.3 High |
| An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN. | ||||
| CVE-2023-36672 | 1 Clario | 1 Vpn | 2024-11-21 | 5.7 Medium |
| An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario. | ||||
| CVE-2023-36671 | 1 Clario | 1 Vpn | 2024-11-21 | 6.3 Medium |
| An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack for only traffic to the real IP address of the VPN server" rather than to only Clario. | ||||
| CVE-2023-35833 | 1 Ysoft | 1 Safeq Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration. | ||||
| CVE-2023-34972 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 3.5 Low |
| A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later | ||||
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-11-21 | 6.5 Medium |
| Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | ||||
| CVE-2023-34441 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2024-11-21 | 6.8 Medium |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. | ||||