Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-312
Total 381 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31816 1 Octopus 1 Server 2022-07-27 5.0 MEDIUM 7.5 HIGH
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
CVE-2022-30626 1 Chcnav 2 P5e Gnss, P5e Gnss Firmware 2022-07-22 N/A 7.5 HIGH
Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text.
CVE-2021-38150 1 Sap 1 Business Client 2022-07-12 4.3 MEDIUM 6.5 MEDIUM
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
CVE-2021-36165 1 Riconmobile 2 S9922l, S9922l Firmware 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVE-2020-35454 1 Taidii 1 Diibear 2022-07-12 2.1 LOW 6.8 MEDIUM
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.
CVE-2021-45077 1 Netgear 2 R6700, R6700 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
CVE-2021-31855 1 Kde 1 Messagelib 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.
CVE-2021-37452 1 Nch 1 Quorum 2022-07-12 2.1 LOW 5.5 MEDIUM
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
CVE-2020-35455 1 Taidii 1 Diibear 2022-07-12 2.1 LOW 7.8 HIGH
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.
CVE-2020-4980 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2022-07-12 3.3 LOW 6.5 MEDIUM
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539.
CVE-2021-37468 1 Nch 1 Reflect Customer Relationship Management 2022-07-12 2.1 LOW 3.3 LOW
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
CVE-2022-22366 1 Ibm 1 Urbancode Deploy 2022-07-08 2.1 LOW 4.4 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.
CVE-2022-22367 1 Ibm 1 Urbancode Deploy 2022-07-08 2.1 LOW 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
CVE-2022-22478 6 Apple, Hp, Ibm and 3 more 7 Macos, Hp-ux, Aix and 4 more 2022-07-08 2.1 LOW 5.5 MEDIUM
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.
CVE-2021-41639 1 Melag 1 Ftp Server 2022-07-01 2.1 LOW 5.5 MEDIUM
MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file.
CVE-2021-45025 1 Rocketsoftware 1 Ags-zena 2022-06-27 5.0 MEDIUM 7.5 HIGH
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.
CVE-2017-20040 1 Sicunet 1 Access Control 2022-06-17 2.1 LOW 5.5 MEDIUM
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.
CVE-2020-6648 1 Fortinet 2 Fortios, Fortiproxy 2022-06-14 4.0 MEDIUM 6.5 MEDIUM
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
CVE-2022-31004 1 Mitre 1 Cve-services 2022-06-10 5.0 MEDIUM 7.5 HIGH
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch.
CVE-2022-25160 1 Mitsubishielectric 32 Fx5uc, Fx5uc-32mr\/ds-ts, Fx5uc-32mr\/ds-ts Firmware and 29 more 2022-06-02 4.3 MEDIUM 5.9 MEDIUM
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system.