Total
569 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-38911 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-09-17 | 4.9 Medium |
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. | ||||
CVE-2018-5559 | 1 Rapid7 | 1 Komand | 2024-09-17 | N/A |
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. | ||||
CVE-2019-4676 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-09-17 | 7.8 High |
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. | ||||
CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2024-09-17 | 6.4 Medium |
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
CVE-2022-29090 | 1 Dell | 1 Wyse Management Suite | 2024-09-17 | 8.5 High |
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions. | ||||
CVE-2018-2028 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-09-17 | 6.5 Medium |
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. | ||||
CVE-2020-3921 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2024-09-17 | 8.6 High |
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | ||||
CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-09-17 | 6.3 Medium |
Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | ||||
CVE-2019-3767 | 1 Dell | 1 Imageassist | 2024-09-17 | 8.2 High |
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. | ||||
CVE-2021-20407 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-09-17 | 5.3 Medium |
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185. | ||||
CVE-2018-19279 | 2 Microsoft, Primx | 2 Windows, Zonecentral | 2024-09-17 | N/A |
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater. | ||||
CVE-2018-1621 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | N/A |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. | ||||
CVE-2022-22367 | 1 Ibm | 1 Urbancode Deploy | 2024-09-17 | 5.5 Medium |
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. | ||||
CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2024-09-17 | 6.5 Medium |
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | ||||
CVE-2021-38949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-09-17 | 5.5 Medium |
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. | ||||
CVE-2020-4604 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-09-17 | 4.4 Medium |
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. | ||||
CVE-2020-29502 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-09-17 | 7.5 High |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
CVE-2017-2723 | 1 Huawei | 1 Files | 2024-09-17 | N/A |
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. | ||||
CVE-2018-1882 | 5 Apple, Ibm, Linux and 2 more | 7 Macos, Aix, Spectrum Protect Backup-archive Client and 4 more | 2024-09-17 | 4.7 Medium |
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. | ||||
CVE-2020-12801 | 2 Libreoffice, Opensuse | 2 Libreoffice, Leap | 2024-09-17 | 5.3 Medium |
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. |