180 matches found
CVE-2018-6826
VULNERABILITY: VOBOT CLOCK devices before version 0.99.30 are affected by a remote code execution issue. The root cause is use of plaintext HTTP to download a breakout program, enabling a man-in-the-middle to observe a local user launching the Breakout Easter Egg feature and then send a crafted H...
CVE-2017-15397
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...
Design/Logic Flaw
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...
CVE-2017-15397
CVE-2017-15397 describes an issue in Google Chrome OS where the ChromeVox component allowed a remote attacker, positioned on the network, to observe or tamper with plaintext HTTP requests. Root cause is an inappropriate implementation within ChromeVox that mishandled plaintext network traffic. Th...
CVE-2017-7147
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe...
CVE-2017-15643
The CVE-2017-15643 entry concerns IKARUS Anti Virus for Windows 2.16.7. Multiple connected documents confirm an active attacker can achieve remote code execution via a MITM-capable update pathway: IKARUS AV uses cleartext HTTP for updates; an attacker can coerce the client into an update, then re...
CVE-2017-2412
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...
CVE-2017-2412
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...
CVE-2017-2412
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...
CVE-2015-4057
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...
Design/Logic Flaw
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...
CVE-2015-4057
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...
CVE-2015-4057
CVE-2015-4057 affects VCE Vision Intelligent Operations prior to 2.6.5. The Plug-in for VMware vCenter exposes the admin password by returning a cleartext HTTP response when the Settings screen is requested, enabling network sniffing attacks to reveal credentials. The underlying issue is cleartex...
CVE-2011-2344
The CVE concerns Android Picasa in Android 3.0 and 2.x through 2.3.4, where authToken is transmitted over cleartext HTTP from ClientLogin. This allowed remote attackers to sniff tokens from connections to picasaweb.google.com, enabling privilege escalation to access private pictures and web album...
CVE-2011-0207
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network...
Design/Logic Flaw
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network...
CVE-2011-0207
CVE-2011-0207 affects Apple Mac OS X prior to 10.6.8, specifically the MobileMe component used by Mail. The root cause is the use of a cleartext HTTP session to read e‑mail aliases, allowing an attacker on the same network to sniff traffic and obtain potentially sensitive alias information. Accor...
CVE-2011-0207
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network...
CVE-2010-4184
CVE-2010-4184 affects NetSupport Manager (NSM) prior to version 11.00.0005. The vulnerability arises from NSM sending HTTP headers with cleartext fields that reveal details about client machines, enabling an attacker who can sniff network traffic to obtain potentially sensitive information (e.g.,...