Vulnerabilities (CVE)

Filtered by CWE-312
Total 574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12731 1 Magicsmotion 2 Flamingo 2, Flamingo 2 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.
CVE-2020-22783 1 Etherpad 1 Etherpad 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
CVE-2021-33325 1 Liferay 2 Dxp, Liferay Portal 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.
CVE-2021-27487 1 Zoll 1 Defibrillator Dashboard 2024-02-28 2.1 LOW 5.5 MEDIUM
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
CVE-2021-33323 1 Liferay 2 Dxp, Liferay Portal 2024-02-28 5.0 MEDIUM 7.5 HIGH
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
CVE-2021-25644 1 Couchbase 1 Couchbase Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.
CVE-2021-31855 1 Kde 1 Messagelib 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.
CVE-2021-23211 1 Gallagher 1 Command Centre 2024-02-28 2.1 LOW 4.4 MEDIUM
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).
CVE-2020-8225 1 Nextcloud 1 Desktop 2024-02-28 5.0 MEDIUM 7.5 HIGH
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-23249 1 Gigamon 1 Gigavue-os 2024-02-28 4.0 MEDIUM 4.7 MEDIUM
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
CVE-2021-23878 1 Mcafee 1 Endpoint Security 2024-02-28 4.3 MEDIUM 5.0 MEDIUM
Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine
CVE-2020-29501 1 Dell 2 Emc Powerstore, Emc Powerstore Firmware 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVE-2021-27210 1 Tp-link 2 Archer C5v, Archer C5v Firmware 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.
CVE-2019-4738 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.
CVE-2021-0337 1 Google 1 Android 2024-02-28 7.2 HIGH 7.8 HIGH
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195
CVE-2021-1265 1 Cisco 1 Dna Center 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.
CVE-2020-4843 2 Ibm, Microsoft 2 Security Secret Server, Windows 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.
CVE-2020-36248 1 Owncloud 1 Owncloud 2024-02-28 2.1 LOW 4.6 MEDIUM
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
CVE-2021-27233 1 Mutare 1 Voice 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue.
CVE-2020-5018 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-02-28 5.0 MEDIUM 7.5 HIGH
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.