Total: 381 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2022-10-04 | 5.0 MEDIUM | 7.5 HIGH |
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | |||||
CVE-2021-35036 | 1 Zyxel | 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more | 2022-09-30 | 3.5 LOW | 6.5 MEDIUM |
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. | |||||
CVE-2015-1931 | 3 Ibm, Redhat, Suse | 8 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 5 more | 2022-09-29 | N/A | 5.5 MEDIUM |
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2022-36101 | 1 Shopware | 1 Shopware | 2022-09-15 | N/A | 5.3 MEDIUM |
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | |||||
CVE-2020-29550 | 1 Urve | 1 Urve | 2022-09-01 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5. | |||||
CVE-2021-3585 | 1 Openstack | 1 Tripleo Heat Templates | 2022-09-01 | N/A | 5.5 MEDIUM |
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | |||||
CVE-2022-2569 | 1 Arcinformatique | 1 Pcvue | 2022-08-30 | N/A | 5.5 MEDIUM |
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users. | |||||
CVE-2021-23211 | 1 Gallagher | 1 Command Centre | 2022-08-30 | 2.1 LOW | 4.4 MEDIUM |
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3). | |||||
CVE-2022-2813 | 1 Guest Management System Project | 1 Guest Management System | 2022-08-16 | N/A | 7.5 HIGH |
A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400. | |||||
CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2022-08-12 | N/A | 8.8 HIGH |
Dell Wyse Management Suite 3.6.1 and below contains a Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2022-29090 | 1 Dell | 1 Wyse Management Suite | 2022-08-12 | N/A | 6.5 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions. | |||||
CVE-2021-41302 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2022-08-12 | 5.0 MEDIUM | 7.3 HIGH |
The ECOA BAS controller stores sensitive data (backup exports) in cleartext, so an unauthenticated attacker can remotely query user passwords and obtain the user's privileges. | |||||
CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2022-08-08 | N/A | 7.5 HIGH |
Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | |||||
CVE-2022-30275 | 1 Motorolasolutions | 1 Mdlc | 2022-08-02 | N/A | 7.5 HIGH |
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. | |||||
CVE-2021-42370 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2022-07-29 | 4.3 MEDIUM | 7.5 HIGH |
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.) | |||||
CVE-2022-24660 | 1 Goldshell | 1 Goldshell Miner Firmware | 2022-07-27 | N/A | 7.5 HIGH |
The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext. | |||||
CVE-2021-31817 | 1 Octopus | 1 Server | 2022-07-27 | 5.0 MEDIUM | 7.5 HIGH |
When Octopus Server is configured with an external SQL database, the database password is written to the OctopusServer.txt log file in plaintext on initial configuration. | |||||
CVE-2019-15507 | 1 Octopus | 1 Server | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | |||||
CVE-2019-15508 | 1 Octopus | 2 Server, Tentacle | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | |||||
CVE-2021-31816 | 1 Octopus | 1 Server | 2022-07-27 | 5.0 MEDIUM | 7.5 HIGH |
When Octopus Server is configured with an external SQL database, the database password is written to the OctopusServer.txt log file in plaintext on initial configuration. |