Total
536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25023 | 2024-07-11 | N/A | 6.2 MEDIUM | ||
| IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | |||||
| CVE-2024-31486 | 2024-07-04 | N/A | 5.3 MEDIUM | ||
| A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss. | |||||
| CVE-2024-36497 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
| The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely. | |||||
| CVE-2023-49113 | 2024-07-03 | N/A | 7.8 HIGH | ||
| The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file "lib.engine/insight/optimyth-insight.jar" contains the file "InsightServicesConfig.properties", which has the configuration tokens "insight.github.user" as well as "insight.github.password" prefilled with credentials. At least the specified username corresponds to a valid GitHub account. The JAR file "lib.engine/insight/optimyth-insight.jar" also contains the file "es/als/security/Encryptor.properties", in which the key used for encrypting the results of any performed scan. This issue affects Kiuwan SAST: <master.1808.p685.q13371 | |||||
| CVE-2022-38710 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-07-03 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. | |||||
| CVE-2024-4235 | 2024-06-04 | 3.3 LOW | 2.7 LOW | ||
| A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-36119 | 2024-05-31 | N/A | 1.8 LOW | ||
| Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matching **all** of the following conditions: 1. Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one calendar week), 2. Using the `user:register_form` tag. 3. Using file-based user accounts. (Does not affect users stored in a database.), 4. Has users that have registered during that time period. (Existing users are not affected.). Additionally passwords are only visible to users that have access to read user yaml files, typically developers of the application itself. This issue has been patched in version 5.6.2, however any users registered during that time period and using the affected version range will still have the the `password_confirmation` value in their yaml files. We recommend that affected users have their password reset. System administrators are advised to upgrade their deployments. There are no known workarounds for this vulnerability. Anyone who commits their files to a public git repo, may consider clearing the sensitive data from the git history as it is likely that passwords were uploaded. | |||||
| CVE-2024-3742 | 2024-05-28 | N/A | 7.5 HIGH | ||
| Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. | |||||
| CVE-2022-2513 | 1 Hitachienergy | 6 650connectivitypackage, 670connectivitypackage, Gms600connectivitypackage and 3 more | 2024-05-28 | N/A | 5.5 MEDIUM |
| A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. | |||||
| CVE-2023-4392 | 1 Assaabloy | 1 Control Id Gerencia Web | 2024-05-17 | 2.6 LOW | 5.3 MEDIUM |
| A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237380. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3762 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-05-17 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2863 | 1 Simpledesign | 1 Diary With Lock\ | 2024-05-17 | 1.4 LOW | 5.5 MEDIUM |
| A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. | |||||
| CVE-2023-1683 | 1 Xunruicms | 1 Xunruicms | 2024-05-17 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240. | |||||
| CVE-2024-4840 | 2024-05-14 | N/A | 5.5 MEDIUM | ||
| An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs. | |||||
| CVE-2023-27370 | 2024-05-03 | N/A | 5.7 MEDIUM | ||
| NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841. | |||||
| CVE-2023-37396 | 2024-04-19 | N/A | 2.5 LOW | ||
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. | |||||
| CVE-2024-32474 | 2024-04-19 | N/A | 7.3 HIGH | ||
| Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or more. | |||||
| CVE-2024-29956 | 2024-04-18 | N/A | 6.5 MEDIUM | ||
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. | |||||
| CVE-2024-29952 | 2024-04-18 | N/A | 5.5 MEDIUM | ||
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. | |||||
| CVE-2023-31423 | 1 Broadcom | 1 Brocade Sannav | 2024-03-21 | N/A | 5.5 MEDIUM |
| Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. | |||||