Vulnerabilities (CVE)

Filtered by CWE-312
Total 573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18868 1 Blaauwproducts 1 Remote Kiln Control 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.
CVE-2020-11694 2 Jetbrains, Microsoft 2 Pycharm, Windows 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.
CVE-2020-15085 1 Mirumee 1 Saleor 2024-02-28 2.1 LOW 6.1 MEDIUM
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.
CVE-2020-15485 1 Niscomed 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware 2024-02-28 2.1 LOW 5.5 MEDIUM
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering.
CVE-2020-6980 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2024-02-28 2.1 LOW 3.3 LOW
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
CVE-2020-12801 2 Libreoffice, Opensuse 2 Libreoffice, Leap 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.
CVE-2020-11826 1 Appinghouse 1 Memono 2024-02-28 5.0 MEDIUM 7.5 HIGH
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database.
CVE-2020-11415 1 Sonatype 1 Nexus Repository Manager 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.
CVE-2020-2177 1 Jenkins 1 Copr 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-13021 1 Jetstream 1 Jetselect 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties.
CVE-2020-4095 1 Hcltech 1 Bigfix Platform 2024-02-28 2.1 LOW 6.0 MEDIUM
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."
CVE-2020-13637 1 Heinekingmedia 1 Stashcat 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to login to the system from any other computer, and get unlimited access to all data in the users's context.
CVE-2020-10706 1 Redhat 1 Openshift Container Platform 2024-02-28 4.6 MEDIUM 6.6 MEDIUM
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.
CVE-2020-13783 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
CVE-2020-4369 1 Ibm 1 Verify Gateway 2024-02-28 2.1 LOW 5.5 MEDIUM
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
CVE-2020-7517 1 Schneider-electric 1 Easergy Builder 2024-02-28 2.1 LOW 5.5 MEDIUM
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
CVE-2019-10682 1 Django-nopassword Project 1 Django-nopassword 2024-02-28 5.0 MEDIUM 7.5 HIGH
django-nopassword before 5.0.0 stores cleartext secrets in the database.
CVE-2020-7513 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.
CVE-2019-17655 1 Fortinet 1 Fortios 2024-02-28 5.0 MEDIUM 7.5 HIGH
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
CVE-2020-14017 1 Naviwebs 1 Navigate Cms 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.