| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. |
| An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction. |
| Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions. |
| The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. |
| In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp. |
| An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected |
| The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. |
| Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. |
| Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. |
| An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616. |
| Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. |
| Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted. |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. |
| In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution. |
| CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes. |
| The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. |
| CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. |
| WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). |
| Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. |
