Vulnerabilities (CVE)

Filtered by CWE-312
Total 577 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12032 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.
CVE-2020-11924 1 Wizconnected 2 Colors A60, Colors A60 Firmware 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.
CVE-2020-11923 1 Wizconnected 1 Wiz 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
CVE-2020-11826 1 Appinghouse 1 Memono 2024-11-21 5.0 MEDIUM 7.5 HIGH
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database.
CVE-2020-11694 2 Jetbrains, Microsoft 2 Pycharm, Windows 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.
CVE-2020-11415 1 Sonatype 1 Nexus Repository Manager 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.
CVE-2020-10727 2 Apache, Netapp 2 Activemq Artemis, Oncommand Workflow Automation 2024-11-21 2.1 LOW 5.5 MEDIUM
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.
CVE-2020-10706 1 Redhat 1 Openshift Container Platform 2024-11-21 4.6 MEDIUM 6.3 MEDIUM
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.
CVE-2020-10532 1 Watchguard 1 Ad Helper Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.
CVE-2020-10273 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more 20 Mir100, Mir1000, Mir1000 Firmware and 17 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.
CVE-2020-10267 1 Universal-robots 4 Ur10, Ur3, Ur5 and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property.
CVE-2020-10053 1 Siemens 1 Simatic Rtls Locating Manager 2024-11-21 2.1 LOW 5.5 MEDIUM
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.
CVE-2019-9873 1 Jetbrains 1 Intellij Idea 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
CVE-2019-9872 1 Jetbrains 1 Intellij Idea 2024-11-21 4.3 MEDIUM 8.1 HIGH
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
CVE-2019-9823 1 Jetbrains 1 Intellij Idea 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.
CVE-2019-9104 1 Moxa 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.
CVE-2019-8118 1 Magento 1 Magento 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
CVE-2019-6670 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-11-21 2.1 LOW 4.4 MEDIUM
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
CVE-2019-5848 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-5810 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.