Total
569 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4843 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-09-16 | 4.3 Medium |
| IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048. | ||||
| CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-09-16 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | ||||
| CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2024-09-16 | 7.5 High |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | ||||
| CVE-2018-9065 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-16 | N/A |
| In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. | ||||
| CVE-2002-1800 | 1 Phprank | 1 Phprank | 2024-09-16 | 7.5 High |
| phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | ||||
| CVE-2019-4566 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-16 | 5.5 Medium |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. | ||||
| CVE-2022-33918 | 1 Dell | 1 Geodrive | 2024-09-16 | 5.5 Medium |
| Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | ||||
| CVE-2019-4314 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-09-16 | 7.5 High |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. | ||||
| CVE-2020-29501 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-09-16 | 6.4 Medium |
| Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
| CVE-2021-39078 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-16 | 4.4 Medium |
| IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589. | ||||
| CVE-2018-17499 | 1 Envoy | 1 Passport | 2024-09-16 | N/A |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | ||||
| CVE-2020-4884 | 1 Ibm | 1 Urbancode Deploy | 2024-09-16 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908. | ||||
| CVE-2023-5384 | 2 Infinispan, Redhat | 3 Infinispan, Data Grid, Jboss Data Grid | 2024-09-16 | 7.2 High |
| A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | ||||
| CVE-2023-45151 | 1 Nextcloud | 1 Nextcloud Server | 2024-09-16 | 6.5 Medium |
| Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-4066 | 1 Redhat | 6 Amq Broker, Enterprise Linux, Jboss A-mq and 3 more | 2024-09-16 | 5.5 Medium |
| A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | ||||
| CVE-2024-41716 | 1 Idec | 2 Windldr, Windo\/i-nv4 | 2024-09-13 | 8.1 High |
| Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them. | ||||
| CVE-2021-22509 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 8.1 High |
| A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 | ||||
| CVE-2024-41629 | 1 Ti | 1 Fusion Digital Power Designer | 2024-09-13 | 5.5 Medium |
| An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials | ||||
| CVE-2023-46653 | 1 Jenkins | 1 Lambdatest-automation | 2024-09-12 | 6.5 Medium |
| Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | ||||
| CVE-2023-46376 | 1 Zentao | 1 Biz | 2024-09-12 | 7.5 High |
| Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. | ||||