Vulnerabilities > Cleartext Transmission of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-16 | CVE-2021-42948 | Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. | 3.7 |
| 2022-09-16 | CVE-2022-38846 | Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8 EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). | 5.9 |
| 2022-09-07 | CVE-2022-30312 | Cleartext Transmission of Sensitive Information vulnerability in Honeywell products The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. | 6.5 |
| 2022-09-05 | CVE-2022-2083 | Cleartext Transmission of Sensitive Information vulnerability in Simple Sign on Project Simple Sign on The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. | 7.5 |
| 2022-08-31 | CVE-2022-2005 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. | 7.5 |
| 2022-08-31 | CVE-2022-2485 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | 7.5 |
| 2022-08-29 | CVE-2022-36200 | Cleartext Transmission of Sensitive Information vulnerability in Fiberhome Hg150-Ub Firmware 3.0 In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. | 7.5 |
| 2022-08-22 | CVE-2021-3590 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in Foreman project. | 8.8 |
| 2022-08-11 | CVE-2022-20243 | Cleartext Transmission of Sensitive Information vulnerability in Google Android 13.0.0 In Core Utilities, there is a possible log information disclosure. | 4.4 |
| 2022-08-05 | CVE-2022-33724 | Cleartext Transmission of Sensitive Information vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | 3.3 |