Total
535 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2024-09-16 | N/A | 5.5 MEDIUM |
| Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | |||||
| CVE-2023-5384 | 2 Infinispan, Redhat | 3 Infinispan, Data Grid, Jboss Data Grid | 2024-09-16 | N/A | 2.7 LOW |
| A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | |||||
| CVE-2024-41716 | 1 Idec | 2 Windldr, Windo\/i-nv4 | 2024-09-13 | N/A | 8.1 HIGH |
| Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them. | |||||
| CVE-2021-22509 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 6.5 MEDIUM |
| A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 | |||||
| CVE-2024-41629 | 1 Ti | 1 Fusion Digital Power Designer | 2024-09-13 | N/A | 5.5 MEDIUM |
| An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials | |||||
| CVE-2024-45391 | 1 Tina | 1 Tina | 2024-09-12 | N/A | 7.5 HIGH |
| Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix. | |||||
| CVE-2024-8689 | 2024-09-12 | N/A | N/A | ||
| A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. | |||||
| CVE-2019-16638 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2024-09-10 | N/A | 7.5 HIGH |
| An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1. | |||||
| CVE-2024-45175 | 2024-09-05 | N/A | 8.8 HIGH | ||
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server. | |||||
| CVE-2024-33892 | 1 Hms-networks | 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more | 2024-09-03 | N/A | 7.5 HIGH |
| Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3 | |||||
| CVE-2024-6921 | 2024-09-03 | N/A | N/A | ||
| Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024. | |||||
| CVE-2024-24375 | 2024-08-29 | N/A | 7.5 HIGH | ||
| SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. | |||||
| CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-08-28 | N/A | 5.5 MEDIUM |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430. | |||||
| CVE-2023-49341 | 2024-08-26 | N/A | 7.5 HIGH | ||
| An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component. | |||||
| CVE-2024-32939 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 3.7 LOW |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server." | |||||
| CVE-2024-5916 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-20 | N/A | 4.4 MEDIUM |
| An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. | |||||
| CVE-2024-28024 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | N/A | 4.1 MEDIUM |
| A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | |||||
| CVE-2024-36790 | 2024-08-14 | N/A | 8.8 HIGH | ||
| Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. | |||||
| CVE-2024-38877 | 2024-08-13 | N/A | 8.2 HIGH | ||
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network. | |||||
| CVE-2024-29954 | 1 Broadcom | 1 Fabric Operating System | 2024-08-06 | N/A | 5.5 MEDIUM |
| A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | |||||