Total
569 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-19 | 6.2 Medium |
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||
CVE-2024-45862 | 2024-09-19 | N/A | ||
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | ||||
CVE-2023-41964 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2024-09-18 | 4.3 Medium |
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-39732 | 1 Ibm | 1 Datacap | 2024-09-18 | 4.1 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. | ||||
CVE-2023-3950 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 5.5 Medium |
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it. | ||||
CVE-2023-44037 | 1 Zpesystems | 1 Nodegrid Os | 2024-09-17 | 7.5 High |
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component. | ||||
CVE-2024-6921 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2024-09-17 | 7.5 High |
Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024. | ||||
CVE-2021-20995 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-17 | 5.3 Medium |
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | ||||
CVE-2020-4224 | 1 Ibm | 1 Storediq | 2024-09-17 | 5.5 Medium |
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | ||||
CVE-2021-36782 | 1 Suse | 1 Rancher | 2024-09-17 | 9.9 Critical |
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. | ||||
CVE-2019-4687 | 1 Ibm | 1 Security Guardium Data Encrpytion | 2024-09-17 | 5.3 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823. | ||||
CVE-2021-39009 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 5.5 Medium |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. | ||||
CVE-2022-26390 | 1 Baxter | 8 Baxter Spectrum Iq 35700bax3, Baxter Spectrum Iq 35700bax3 Firmware, Sigma Spectrum 35700bax and 5 more | 2024-09-17 | 4.2 Medium |
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information. | ||||
CVE-2020-4619 | 1 Ibm | 1 Data Risk Manager | 2024-09-17 | 6.5 Medium |
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976. | ||||
CVE-2017-9654 | 1 Philips | 1 Dosewise | 2024-09-17 | N/A |
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. | ||||
CVE-2020-29500 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-09-17 | 7.5 High |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
CVE-2020-4189 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-17 | 4.3 Medium |
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850. | ||||
CVE-2019-4738 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-09-17 | 6.5 Medium |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. | ||||
CVE-2021-32942 | 1 Aveva | 2 Intouch 2017, Intouch 2020 | 2024-09-17 | 6.6 Medium |
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. | ||||
CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-09-17 | 7.5 High |
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. |