Total: 685 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-11-21 | 9.8 Critical |
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | ||||
CVE-2013-7436 | 2 Kanaka, Redhat | 2 Novnc, Openstack | 2024-11-21 | N/A |
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
CVE-2012-5562 | 1 Redhat | 2 Network Proxy, Satellite | 2024-11-21 | 6.5 Medium |
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | ||||
CVE-2012-1257 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 5.5 Medium |
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | ||||
CVE-2011-3022 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2010-4177 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-11-21 | 5.5 Medium |
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | ||||
CVE-2008-4390 | 1 Cisco | 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware | 2024-11-21 | 7.5 High |
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | ||||
CVE-2008-4122 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 High |
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
CVE-2008-3289 | 1 Storcentric | 1 Retrospect Backup Client | 2024-11-21 | 7.5 High |
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | ||||
CVE-2008-0374 | 1 Oki | 2 C5510mfp, C5510mfp Firmware | 2024-11-21 | 7.5 High |
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | ||||
CVE-2007-5626 | 1 Bacula | 1 Bacula | 2024-11-21 | 5.5 Medium |
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. | ||||
CVE-2007-4786 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | 5.3 Medium |
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. | ||||
CVE-2005-3140 | 1 Procom | 2 Netforce 800, Netforce 800 Firmware | 2024-11-21 | 7.5 High |
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | ||||
CVE-2005-2069 | 3 Openldap, Padl, Redhat | 4 Openldap, Nss Ldap, Pam Ldap and 1 more | 2024-11-21 | N/A |
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | ||||
CVE-2004-1852 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | N/A |
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. | ||||
CVE-2003-5002 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-21 | 3.7 Low |
A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2002-1949 | 1 Iomega | 2 Nas A300u, Nas A300u Firmware | 2024-11-21 | 7.5 High |
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | ||||
CVE-2024-9834 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 9.3 Critical |
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | ||||
CVE-2024-28169 | | | 2024-11-15 | 5.4 Medium |
Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
CVE-2024-50634 | 2 Sbond, Sbondco | 2 Watcharr, Watcharr | 2024-11-14 | 8.8 High |
A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication. |