Filtered by CWE-319
Filtered by vendor Subscriptions
Total 685 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-0048 2 Apache, Docker 2 Geode, Docker 2024-11-21 9.8 Critical
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
CVE-2013-7436 2 Kanaka, Redhat 2 Novnc, Openstack 2024-11-21 N/A
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2012-5562 1 Redhat 2 Network Proxy, Satellite 2024-11-21 6.5 Medium
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
CVE-2012-1257 1 Pidgin 1 Pidgin 2024-11-21 5.5 Medium
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
CVE-2011-3022 1 Google 1 Chrome 2024-11-21 N/A
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-4177 2 Fedoraproject, Oracle 2 Fedora, Mysql-gui-tools 2024-11-21 5.5 Medium
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.
CVE-2008-4390 1 Cisco 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware 2024-11-21 7.5 High
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.
CVE-2008-4122 1 Joomla 1 Joomla\! 2024-11-21 7.5 High
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2008-3289 1 Storcentric 1 Retrospect Backup Client 2024-11-21 7.5 High
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.
CVE-2008-0374 1 Oki 2 C5510mfp, C5510mfp Firmware 2024-11-21 7.5 High
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
CVE-2007-5626 1 Bacula 1 Bacula 2024-11-21 5.5 Medium
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
CVE-2007-4786 1 Cisco 1 Adaptive Security Appliance Software 2024-11-21 5.3 Medium
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
CVE-2005-3140 1 Procom 2 Netforce 800, Netforce 800 Firmware 2024-11-21 7.5 High
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.
CVE-2005-2069 3 Openldap, Padl, Redhat 4 Openldap, Nss Ldap, Pam Ldap and 1 more 2024-11-21 N/A
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
CVE-2004-1852 1 Solarwinds 1 Dameware Mini Remote Control 2024-11-21 N/A
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
CVE-2003-5002 1 Ibm 1 Iss Blackice Pc Protection 2024-11-21 3.7 Low
A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2002-1949 1 Iomega 2 Nas A300u, Nas A300u Firmware 2024-11-21 7.5 High
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
CVE-2024-9834 1 Baxter 1 Life2000 Ventilator Firmware 2024-11-15 9.3 Critical
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
CVE-2024-28169 2024-11-15 5.4 Medium
Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2024-50634 2 Sbond, Sbondco 2 Watcharr, Watcharr 2024-11-14 8.8 High
A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication.