Total
713 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35017 | 1 Ibm | 1 Security Verify Governance | 2025-03-04 | N/A | 5.9 MEDIUM |
| IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. | |||||
| CVE-2025-24849 | 2025-02-28 | N/A | 7.1 HIGH | ||
| Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure. | |||||
| CVE-2025-0556 | 1 Progress | 1 Telerik Report Server | 2025-02-20 | N/A | 8.8 HIGH |
| In ProgressĀ® TelerikĀ® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | |||||
| CVE-2024-5462 | 2025-02-15 | N/A | N/A | ||
| If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified. | |||||
| CVE-2023-0922 | 1 Samba | 1 Samba | 2025-02-13 | N/A | 5.9 MEDIUM |
| The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | |||||
| CVE-2025-1060 | 2025-02-13 | N/A | 7.5 HIGH | ||
| CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker. | |||||
| CVE-2024-35210 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-02-11 | N/A | 5.1 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information. | |||||
| CVE-2023-30515 | 1 Jenkins | 1 Thycotic Devops Secrets Vault | 2025-02-07 | N/A | 7.5 HIGH |
| Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2023-30514 | 1 Jenkins | 1 Azure Key Vault | 2025-02-07 | N/A | 7.5 HIGH |
| Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2023-30513 | 1 Jenkins | 1 Kubernetes | 2025-02-07 | N/A | 7.5 HIGH |
| Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2024-4161 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | N/A | 8.6 HIGH |
| In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. | |||||
| CVE-2019-14942 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP. | |||||
| CVE-2024-43187 | 2025-02-04 | N/A | 5.9 MEDIUM | ||
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | |||||
| CVE-2024-49387 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 7.5 HIGH |
| Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-48121 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack. | |||||
| CVE-2023-25437 | 1 Vtech | 2 Vcs754a, Vcs754a Firmware | 2025-01-31 | N/A | 8.8 HIGH |
| An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. | |||||
| CVE-2023-29681 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | N/A | 5.7 MEDIUM |
| Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | |||||
| CVE-2023-29680 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | N/A | 5.7 MEDIUM |
| Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | |||||
| CVE-2023-32290 | 1 Vk.company | 1 Mymail | 2025-01-29 | N/A | 7.5 HIGH |
| The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | |||||
| CVE-2025-0784 | 2025-01-28 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. | |||||