Vulnerabilities (CVE)

CWE filter

CWE-319

Filter

76 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10435 1 Jenkins 1 Sourcegear Vault 2019-10-09 5.0
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2019-10434 1 Jenkins 1 Ldap Email 2019-10-09 5.0
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2019-10427 1 Jenkins 1 Aqua Microscanner 2019-10-09 5.0
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2019-10412 1 Jenkins 1 Inedo Proget 2019-10-09 5.0
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2019-10411 1 Jenkins 1 Inedo Buildmaster 2019-10-09 5.0
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2018-8855 1 Echelon 3 I.lon 100 Firmware, I.lon 600 Firmware, Smartserver 1 Firmware 2019-10-09 7.5
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and...
CVE-2018-8842 1 Philips 1 E-alert Firmware 2019-10-09 3.3
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication...
CVE-2018-5471 1 Belden 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more 2019-10-09 4.3
A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in...
CVE-2018-5401 1 Auto-maskin 3 Marine Pro Observer, Dcu 210e Firmware, Rp 210e Firmware 2019-10-09 4.3
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control...
CVE-2018-1600 1 Ibm 1 Bigfix Platform 2019-10-09 5.0
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.
CVE-2018-10634 1 Medtronic 9 Minimed 530g Mmt-551 Firmware, Minimed 530g Mmt-751 Firmware, Minimed Paradigm 508 Insulin Pump Firmware and 6 more 2019-10-09 2.9
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are...
CVE-2018-0283 1 Cisco 1 Firepower Management Center 2019-10-09 5.0
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS)...
CVE-2018-0281 1 Cisco 1 Firepower Management Center 2019-10-09 5.0
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS)...
CVE-2017-5259 1 Cambiumnetworks 5 Cnpilot E400 Firmware, Cnpilot E410 Firmware, Cnpilot E600 Firmware and 2 more 2019-10-09 9.0
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
CVE-2017-16041 2019-10-09 4.3
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.
CVE-2017-16040 1 Gfe-sass Project 1 Gfe-sass 2019-10-09 9.3
gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with...
CVE-2017-16035 1 Hubspot 1 Hubl-server 2019-10-09 9.3
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com...
CVE-2017-14009 1 Prominent 1 Multiflex M10a Controller Firmware 2019-10-09 4.0
An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This...
CVE-2017-12716 2019-10-09 3.3
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the...
CVE-2017-12310 1 Cisco 1 Spark Hybrid Calendar Service 2019-10-09 5.0
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this...