Show CWE-319: Cleartext Transmission of Sensitive Information

	Topic	Date	Author
Med.	VeryFitPro 3.2.8 Insecure Transit	19.06.2021	Nick Decker
Med.	Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities	13.01.2020	m0ze
High	Across DR-810 ROM-0 - Backup File Disclosure	12.01.2019	SajjadBnz
Med.	MensaMax 4.3 Hardcoded Encryption Key Disclosure	02.10.2018	Stefan Pietsch
Med.	Trend Micro ServerProtect Disclosure / CSRF / XSS	26.05.2017	Multiple
Med.	QNAP QTS 4.2.x XSS / Command Injection / Transport Issues	18.02.2017	Harry Sintonen
Med.	Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle	20.01.2016	Core
Med.	ElasticSearch Cloud-Azure Insecure Transit	20.09.2015	Pedro Andujar

CVEMAP Search Results

CVE

Details

Description

2021-10-05

Medium

CVE-2021-39882

Vendor: Gitlab
Software: Gitlab

In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.

2021-09-29

Medium

CVE-2020-20128

Vendor: Laracms project
Software: Laracms

LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.

2021-08-25

Medium

CVE-2021-33883

Updating...

A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump's internal configuration.

2021-07-26

Low

CVE-2021-29769

Updating...

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.

2021-06-30

Medium

CVE-2021-22380

Vendor: Huawei
Software: EMUI

There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.

2021-06-18

Low

CVE-2021-23846

Updating...

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

2021-06-03

Medium

CVE-2021-22325

Vendor: Huawei
Software: EMUI

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission.

2021-05-26

Low

CVE-2021-25643

Vendor: Couchbase
Software: Server

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.

2021-05-19

Low	CVE-2021-27924	Vendor: Couchbase Software: Couchbase server	An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
Low	CVE-2021-27925	Vendor: Couchbase Software: Couchbase server	An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.

19.06.2021

13.01.2020

12.01.2019

02.10.2018

26.05.2017

18.02.2017

20.01.2016

20.09.2015