Vulnerabilities > Cleartext Transmission of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-20 | CVE-2020-3442 | Cleartext Transmission of Sensitive Information vulnerability in DUO Duoconnect 1.0.0/1.1.0 The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. | 5.7 |
| 2020-07-14 | CVE-2020-7592 | Cleartext Transmission of Sensitive Information vulnerability in Siemens products A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. | 6.5 |
| 2020-07-09 | CVE-2020-14171 | Cleartext Transmission of Sensitive Information vulnerability in Atlassian Bitbucket Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. | 6.5 |
| 2020-07-09 | CVE-2020-12398 | Cleartext Transmission of Sensitive Information vulnerability in multiple products If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. | 7.5 |
| 2020-07-07 | CVE-2020-15509 | Cleartext Transmission of Sensitive Information vulnerability in Nordicsemi Android BLE Library and DFU Library Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. | 6.5 |
| 2020-07-03 | CVE-2020-10281 | Cleartext Transmission of Sensitive Information vulnerability in Dronecode Micro AIR Vehicle Link This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. | 7.5 |
| 2020-07-02 | CVE-2020-2210 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Stash Branch Parameter Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 4.3 |
| 2020-06-29 | CVE-2020-12048 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Phoenix X36 Firmware 3.36/3.40 Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. | 7.5 |
| 2020-06-29 | CVE-2020-12040 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.0/6.05/8.0 Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. | 9.8 |
| 2020-06-29 | CVE-2020-12037 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Prismaflex Firmware and Prismax Firmware Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. | 7.5 |