Total
628 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30527 | 1 Jenkins | 1 Wso2 Oauth | 2024-11-21 | 4.3 Medium |
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2023-30523 | 1 Jenkins | 1 Report Portal | 2024-11-21 | 4.3 Medium |
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
CVE-2023-30367 | 1 Mremoteng | 1 Mremoteng | 2024-11-21 | 7.5 High |
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | ||||
CVE-2023-30146 | 1 Assmann | 2 Ht-ip211hdp, Ht-ip211hdp Firmware | 2024-11-21 | 7.5 High |
Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. | ||||
CVE-2023-2863 | 1 Simpledesign | 1 Diary With Lock | 2024-11-21 | 2.3 Low |
A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. | ||||
CVE-2023-2809 | 1 Sage | 1 Sage 200 Spain | 2024-11-21 | 7.8 High |
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. | ||||
CVE-2023-2358 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2024-11-21 | 4.3 Medium |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | ||||
CVE-2023-2335 | 1 42gears | 1 Surelock | 2024-11-21 | 6.5 Medium |
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registry modules) allows retrieval of Admin user credentials. This issue affects surelock windows: from 2.3.12 through 2.40.0. | ||||
CVE-2023-29480 | 1 Ribose | 1 Rnp | 2024-11-21 | 7.5 High |
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. | ||||
CVE-2023-29471 | 1 Lightbend | 1 Alpakka Kafka | 2024-11-21 | 5.5 Medium |
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor. | ||||
CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2024-11-21 | 7.5 High |
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | ||||
CVE-2023-26760 | 1 Smeup | 1 Erp | 2024-11-21 | 7.5 High |
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system. | ||||
CVE-2023-26593 | 1 Yokogawa | 8 B/m9000 Vp, B/m9000cs, Centum Cs 1000 and 5 more | 2024-11-21 | 7.8 High |
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can log in to or access the computer where the affected product is installed tampers with the password file stored on the computer, the user privilege which CENTUM manages may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1) An attacker has obtained user credentials where the affected product is installed, (2) CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later. | ||||
CVE-2023-25596 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.5 Medium |
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | ||||
CVE-2023-25263 | 1 Stimulsoft | 1 Designer | 2024-11-21 | 5.5 Medium |
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems. | ||||
CVE-2023-24964 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 6.2 Medium |
IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463. | ||||
CVE-2023-24586 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | 6.5 Medium |
Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product. | ||||
CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2024-11-21 | 5.5 Medium |
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2023-24450 | 1 Jenkins | 1 View-cloner | 2024-11-21 | 6.5 Medium |
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
CVE-2023-24442 | 1 Jenkins | 1 Github Pull Request Coverage Status | 2024-11-21 | 5.5 Medium |
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |