Vulnerabilities > Cleartext Transmission of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-5399 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS.
network
high complexity
pivotal-software cloudfoundry CWE-319
7.4
2020-02-10 CVE-2019-20061 Cleartext Transmission of Sensitive Information vulnerability in Mfscripts Yetishare
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext.
network
low complexity
mfscripts CWE-319
7.5
2020-02-05 CVE-2020-8507 Cleartext Transmission of Sensitive Information vulnerability in Rogersmedia Citytv Video
The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.
network
low complexity
rogersmedia CWE-319
7.5
2020-02-05 CVE-2020-8506 Cleartext Transmission of Sensitive Information vulnerability in Corusent Global TV
The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.
network
low complexity
corusent CWE-319
5.3
2020-01-26 CVE-2020-7984 Cleartext Transmission of Sensitive Information vulnerability in Solarwinds N-Central 12.2
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information.
network
low complexity
solarwinds CWE-319
7.5
2020-01-14 CVE-2019-12399 Cleartext Transmission of Sensitive Information vulnerability in multiple products
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.
network
low complexity
apache oracle CWE-319
7.5
2020-01-13 CVE-2014-5380 Cleartext Transmission of Sensitive Information vulnerability in Granding Grand Ma300 Firmware 6.60
Grand MA 300 allows retrieval of the access PIN from sniffed data.
network
low complexity
granding CWE-319
7.5
2020-01-06 CVE-2019-16274 Cleartext Transmission of Sensitive Information vulnerability in Dten D5 Firmware and D7 Firmware
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.
network
low complexity
dten CWE-319
7.5
2019-12-25 CVE-2019-19967 Cleartext Transmission of Sensitive Information vulnerability in UPC Connect BOX Eurodocsis Firmware Ch7465Lgncip6.12.18.252P6Nosh
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.
network
low complexity
upc CWE-319
7.5
2019-12-20 CVE-2019-4743 Cleartext Transmission of Sensitive Information vulnerability in IBM Financial Transaction Manager for Multiplatform 3.0.0.0
IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-319
4.3