Vulnerabilities (CVE)

Filtered by CWE-312
Total 573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0089 1 Cisco 1 Policy Suite 2024-02-28 5.0 MEDIUM 7.5 HIGH
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666.
CVE-2018-8947 1 Laravel Log Viewer Project 1 Laravel Log Viewer 2024-02-28 5.0 MEDIUM 7.5 HIGH
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
CVE-2017-5249 1 Wink 1 Wink 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
CVE-2017-16835 1 Photo\,video Locker-calculator Project 1 Photo\,video Locker-calculator 2024-02-28 5.0 MEDIUM 7.5 HIGH
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
CVE-2018-1621 1 Ibm 1 Websphere Application Server 2024-02-28 2.1 LOW 6.7 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
CVE-2017-14990 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
CVE-2017-3214 1 Milwaukeetool 1 One-key 2024-02-28 5.0 MEDIUM 7.5 HIGH
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
CVE-2017-1309 1 Ibm 1 Infosphere Master Data Management Server 2024-02-28 2.1 LOW 7.8 HIGH
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.
CVE-2017-9663 1 Gm 1 Shanghai Onstar 2024-02-28 5.0 MEDIUM 7.5 HIGH
An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory.
CVE-2017-2723 1 Huawei 1 Files 2024-02-28 2.1 LOW 6.7 MEDIUM
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak.
CVE-2017-13663 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.
CVE-2015-5537 1 Siemens 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System 2024-02-28 4.3 MEDIUM N/A
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
CVE-2016-0876 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
CVE-2010-0225 1 Sandisk 2 Cruzer Enterprise, Cruzer Enterprise Firmware 2024-02-28 4.6 MEDIUM N/A
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
CVE-2009-2272 1 Huawei 2 D100, D100 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
CVE-2009-0152 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2008-1567 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Opensuse and 1 more 2024-02-28 2.1 LOW 5.5 MEDIUM
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
CVE-2009-1466 1 Klinzmann 1 Application Access Server 2024-02-28 2.1 LOW 5.5 MEDIUM
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
CVE-2008-6157 1 Sepcity 1 Classified Ads 2024-02-28 5.0 MEDIUM 7.5 HIGH
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.
CVE-2009-1603 2 Fedoraproject, Opensc-project 2 Fedora, Opensc 2024-02-28 4.3 MEDIUM 7.5 HIGH
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.