Total
576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28024 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-10-29 | N/A | 4.1 MEDIUM |
| A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | |||||
| CVE-2024-9991 | 2024-10-28 | N/A | N/A | ||
| This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected. | |||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2024-10-17 | N/A | 6.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | |||||
| CVE-2024-8070 | 2024-10-15 | N/A | 8.5 HIGH | ||
| CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary | |||||
| CVE-2024-9802 | 2024-10-10 | N/A | 5.3 MEDIUM | ||
| The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. | |||||
| CVE-2024-9798 | 2024-10-10 | N/A | 9.0 CRITICAL | ||
| The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. | |||||
| CVE-2024-45004 | 1 Linux | 1 Linux Kernel | 2024-10-09 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read (export) will simply convert this field to hex and send it to userspace. With DCP-based trusted keys, we decrypt the blob encryption key (BEK) in the Kernel due hardware limitations and then decrypt the blob payload. BEK decryption is done in-place which means that the trusted key blob field is modified and it consequently holds the BEK in plain text. Every subsequent read of that key thus send the plain text BEK instead of the encrypted BEK to userspace. This issue only occurs when importing a trusted DCP-based key and then exporting it again. This should rarely happen as the common use cases are to either create a new trusted key and export it, or import a key blob and then just use it without exporting it again. Fix this by performing BEK decryption and encryption in a dedicated buffer. Further always wipe the plain text BEK buffer to prevent leaking the key via uninitialized memory. | |||||
| CVE-2024-20448 | 1 Cisco | 1 Nexus Dashboard Fabric Controller | 2024-10-08 | N/A | 8.6 HIGH |
| A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. | |||||
| CVE-2024-8644 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: before v2.0.0. | |||||
| CVE-2024-8459 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 4.9 MEDIUM |
| Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. | |||||
| CVE-2024-28809 | 2024-10-04 | N/A | 8.8 HIGH | ||
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | |||||
| CVE-2024-28810 | 2024-10-04 | N/A | 6.6 MEDIUM | ||
| An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. | |||||
| CVE-2024-25661 | 2024-10-04 | N/A | 7.7 HIGH | ||
| In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application. | |||||
| CVE-2024-28807 | 2024-10-04 | N/A | 6.5 MEDIUM | ||
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application. | |||||
| CVE-2024-38280 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2024-10-03 | N/A | 4.6 MEDIUM |
| An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | |||||
| CVE-2024-45862 | 1 Kastle | 2 Access Control System, Access Control System Firmware | 2024-09-30 | N/A | 7.5 HIGH |
| Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | |||||
| CVE-2023-5359 | 1 Boldgrid | 1 W3 Total Cache | 2024-09-30 | N/A | 7.5 HIGH |
| The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way. | |||||
| CVE-2024-7259 | 2024-09-30 | N/A | 4.4 MEDIUM | ||
| A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | |||||
| CVE-2024-6785 | 1 Moxa | 2 Mxview One, Mxview One Central Manager | 2024-09-27 | N/A | 7.1 HIGH |
| The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. | |||||
| CVE-2024-9040 | 1 Code-projects | 1 Blood Bank Management System | 2024-09-27 | 1.4 LOW | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally. | |||||