Total
532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15023 | 1 Zingbox | 1 Inspector | 2023-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | |||||
| CVE-2023-23944 | 1 Nextcloud | 1 Mail | 2023-02-14 | N/A | 6.5 MEDIUM |
| Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue. | |||||
| CVE-2018-16889 | 1 Redhat | 1 Ceph | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | |||||
| CVE-2020-10706 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.6 MEDIUM | 6.6 MEDIUM |
| A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. | |||||
| CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
| CVE-2019-14825 | 1 Theforeman | 1 Katello | 2023-02-12 | 4.0 MEDIUM | 2.7 LOW |
| A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. | |||||
| CVE-2022-45897 | 1 Xerox | 2 Workcentre 3550, Workcentre 3550 Firmware | 2023-02-08 | N/A | 6.5 MEDIUM |
| On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. | |||||
| CVE-2023-22332 | 1 Pgpool | 1 Pgpool-ii | 2023-02-06 | N/A | 6.5 MEDIUM |
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. | |||||
| CVE-2023-24439 | 1 Jenkins | 1 Jira Pipeline Steps | 2023-02-04 | N/A | 5.5 MEDIUM |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-48071 | 1 Phicomm | 2 K2, K2 Firmware | 2023-02-04 | N/A | 7.5 HIGH |
| Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | |||||
| CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2023-02-02 | N/A | 5.5 MEDIUM |
| Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-24442 | 1 Jenkins | 1 Github Pull Request Coverage Status | 2023-02-02 | N/A | 5.5 MEDIUM |
| Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-24450 | 1 Jenkins | 1 View-cloner | 2023-02-02 | N/A | 6.5 MEDIUM |
| Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2022-45439 | 1 Zyxel | 2 Ax7501-b0, Ax7501-b0 Firmware | 2023-01-24 | N/A | 6.5 MEDIUM |
| A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability. | |||||
| CVE-2022-42284 | 1 Nvidia | 2 Bmc, Dgx A100 | 2023-01-24 | N/A | 5.5 MEDIUM |
| NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. | |||||
| CVE-2021-36782 | 1 Suse | 1 Rancher | 2023-01-18 | N/A | 9.9 CRITICAL |
| A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. | |||||
| CVE-2022-37785 | 1 Wecube-platform Project | 1 Wecube-platform | 2023-01-09 | N/A | 7.5 HIGH |
| An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. | |||||
| CVE-2022-24120 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-01-05 | N/A | 4.6 MEDIUM |
| Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. | |||||
| CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-12-15 | N/A | 5.5 MEDIUM |
| The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | |||||
| CVE-2019-4314 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2022-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. | |||||