Vulnerabilities > Cleartext Transmission of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-27 | CVE-2022-41627 | Cleartext Transmission of Sensitive Information vulnerability in Alivecor products The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. | 7.6 |
| 2022-09-23 | CVE-2022-32227 | Cleartext Transmission of Sensitive Information vulnerability in Rocket.Chat A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product. | 6.5 |
| 2022-09-16 | CVE-2021-42948 | Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. | 3.7 |
| 2022-09-16 | CVE-2022-38846 | Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8 EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). | 5.9 |
| 2022-09-07 | CVE-2022-30312 | Cleartext Transmission of Sensitive Information vulnerability in Honeywell products The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. | 6.5 |
| 2022-09-05 | CVE-2022-2083 | Cleartext Transmission of Sensitive Information vulnerability in Simple Sign on Project Simple Sign on The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. | 7.5 |
| 2022-08-31 | CVE-2022-2005 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. | 7.5 |
| 2022-08-31 | CVE-2022-2485 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | 7.5 |
| 2022-08-29 | CVE-2022-36200 | Cleartext Transmission of Sensitive Information vulnerability in Fiberhome Hg150-Ub Firmware 3.0 In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. | 7.5 |
| 2022-08-22 | CVE-2021-3590 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in Foreman project. | 8.8 |