Vulnerabilities > Cleartext Transmission of Sensitive Information
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-12 | CVE-2020-5399 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. | 7.4 |
2020-02-10 | CVE-2019-20061 | Cleartext Transmission of Sensitive Information vulnerability in Mfscripts Yetishare The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. | 7.5 |
2020-02-05 | CVE-2020-8507 | Cleartext Transmission of Sensitive Information vulnerability in Rogersmedia Citytv Video The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | 7.5 |
2020-02-05 | CVE-2020-8506 | Cleartext Transmission of Sensitive Information vulnerability in Corusent Global TV The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. | 5.3 |
2020-01-26 | CVE-2020-7984 | Cleartext Transmission of Sensitive Information vulnerability in Solarwinds N-Central 12.2 SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. | 7.5 |
2020-01-14 | CVE-2019-12399 | Cleartext Transmission of Sensitive Information vulnerability in multiple products When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. | 7.5 |
2020-01-13 | CVE-2014-5380 | Cleartext Transmission of Sensitive Information vulnerability in Granding Grand Ma300 Firmware 6.60 Grand MA 300 allows retrieval of the access PIN from sniffed data. | 7.5 |
2020-01-06 | CVE-2019-16274 | Cleartext Transmission of Sensitive Information vulnerability in Dten D5 Firmware and D7 Firmware DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. | 7.5 |
2019-12-25 | CVE-2019-19967 | Cleartext Transmission of Sensitive Information vulnerability in UPC Connect BOX Eurodocsis Firmware Ch7465Lgncip6.12.18.252P6Nosh The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. | 7.5 |
2019-12-20 | CVE-2019-4743 | Cleartext Transmission of Sensitive Information vulnerability in IBM Financial Transaction Manager for Multiplatform 3.0.0.0 IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |