Total
576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1309 | 1 Ibm | 1 Infosphere Master Data Management Server | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. | |||||
| CVE-2017-16835 | 1 Photo\,video Locker-calculator Project | 1 Photo\,video Locker-calculator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command. | |||||
| CVE-2017-14990 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | |||||
| CVE-2017-13663 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | |||||
| CVE-2016-3192 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. | |||||
| CVE-2016-0876 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | |||||
| CVE-2015-8314 | 1 Heartcombo | 1 Devise | 2024-11-21 | N/A | 7.5 HIGH |
| The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | |||||
| CVE-2015-5537 | 1 Siemens | 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System | 2024-11-21 | 4.3 MEDIUM | N/A |
| The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | |||||
| CVE-2015-1931 | 3 Ibm, Redhat, Suse | 8 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 5 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2013-2680 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. | |||||
| CVE-2011-5247 | 1 Prophecyinternational | 1 Snare | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. | |||||
| CVE-2011-2916 | 1 Qtnx Project | 1 Qtnx | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | |||||
| CVE-2010-3282 | 3 Fedoraproject, Hp, Redhat | 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | |||||
| CVE-2010-0225 | 1 Sandisk | 2 Cruzer Enterprise, Cruzer Enterprise Firmware | 2024-11-21 | 4.6 MEDIUM | N/A |
| SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | |||||
| CVE-2009-5068 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 3.5 LOW | 7.2 HIGH |
| There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords. | |||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | |||||
| CVE-2009-1603 | 2 Fedoraproject, Opensc-project | 2 Fedora, Opensc | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | |||||
| CVE-2009-1466 | 1 Klinzmann | 1 Application Access Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2009-0964 | 1 Xlinesoft | 1 Phprunner | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | |||||
| CVE-2009-0152 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||