Vulnerabilities > Cleartext Transmission of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-29 | CVE-2022-42916 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. | 7.5 |
| 2022-10-28 | CVE-2022-41636 | Cleartext Transmission of Sensitive Information vulnerability in Haascnc Haas Controller 100.20.000.1110 Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. | 7.5 |
| 2022-10-27 | CVE-2022-41627 | Cleartext Transmission of Sensitive Information vulnerability in Alivecor products The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. | 7.6 |
| 2022-10-19 | CVE-2022-41983 | Cleartext Transmission of Sensitive Information vulnerability in F5 products On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. | 3.7 |
| 2022-10-07 | CVE-2022-39287 | Cleartext Transmission of Sensitive Information vulnerability in Tiny-Csrf Project Tiny-Csrf tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. | 6.5 |
| 2022-09-23 | CVE-2022-32227 | Cleartext Transmission of Sensitive Information vulnerability in Rocket.Chat A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product. | 6.5 |
| 2022-09-16 | CVE-2021-42948 | Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. | 3.7 |
| 2022-09-16 | CVE-2022-38846 | Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8 EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). | 5.9 |
| 2022-09-07 | CVE-2022-30312 | Cleartext Transmission of Sensitive Information vulnerability in Honeywell products The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. | 6.5 |
| 2022-09-05 | CVE-2022-2083 | Cleartext Transmission of Sensitive Information vulnerability in Simple Sign on Project Simple Sign on The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. | 7.5 |