180 matches found
UBUNTU-CVE-2025-55014
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP...
CVE-2025-55014
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP...
PT-2025-31858
Name of the Vulnerable Software and Affected Versions: StarDict versions 3.0.7+git20220909+dfsg-6. Description: The YouDao plugin for StarDict sends X11 selection data to the dict.youdao.com and dict.cn servers via cleartext HTTP. Recommendations: At the moment, there is no information about a newer...
CVE-2025-55014
The vulnerability CVE-2025-55014 affects the YouDao plugin for StarDict used by stardict (e.g., 3.0.7+git20220909+dfsg-6 in Debian trixie). The issue is that the plugin sends an X11 selection to dict.youdao.com and dict.cn over cleartext HTTP, exposing potentially sensitive data. Mitigation is to...
CVE-2022-28861
The server in Citilog 8.0 allows an attacker in a man-in-the-middle position between the server and its smart camera Axis M1125 to see FTP credentials in cleartext HTTP traffic. These can be used for FTP access to the server...
CVE-2021-3003
Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
CVE-2020-36473
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs...
CVE-2020-11718
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP...
CVE-2020-11614
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...
CVE-2017-15643
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client t...
CVE-2019-14954
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2019-19890
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...
CVE-2019-13394
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...
CVE-2019-14959
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...
CVE-2019-19316
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...
CVE-2019-14942
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages which have access control could be sent over cleartext HTTP...
CVE-2011-2344
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com...