| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI. |
| GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. |
| Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. |
| An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. |
| LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. |
| A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP. |
| A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. |
| An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'. |
| Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". |
| An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100. |
| django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. |
| KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. |
| A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields. |
| A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks. |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. |
| An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation. |
| An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS address to access the server. This cookie value could then be used to perform CSRF. |
| Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. |
