Total
532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2022-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | |||||
| CVE-2021-35036 | 1 Zyxel | 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more | 2022-09-30 | 3.5 LOW | 6.5 MEDIUM |
| A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. | |||||
| CVE-2015-1931 | 3 Ibm, Redhat, Suse | 8 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 5 more | 2022-09-30 | N/A | 5.5 MEDIUM |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2022-32217 | 1 Rocket.chat | 1 Rocket.chat | 2022-09-27 | N/A | 5.3 MEDIUM |
| A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | |||||
| CVE-2020-29550 | 1 Urve | 1 Urve | 2022-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5. | |||||
| CVE-2021-3585 | 1 Openstack | 1 Tripleo Heat Templates | 2022-09-01 | N/A | 5.5 MEDIUM |
| A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | |||||
| CVE-2022-2569 | 1 Arcinformatique | 1 Pcvue | 2022-08-30 | N/A | 5.5 MEDIUM |
| The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users | |||||
| CVE-2021-23211 | 1 Gallagher | 1 Command Centre | 2022-08-30 | 2.1 LOW | 4.4 MEDIUM |
| Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3). | |||||
| CVE-2022-2813 | 1 Guest Management System Project | 1 Guest Management System | 2022-08-16 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400. | |||||
| CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2022-08-13 | N/A | 8.8 HIGH |
| Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2022-29090 | 1 Dell | 1 Wyse Management Suite | 2022-08-12 | N/A | 6.5 MEDIUM |
| Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions. | |||||
| CVE-2021-41302 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2022-08-12 | 5.0 MEDIUM | 7.3 HIGH |
| ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. | |||||
| CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2022-08-08 | N/A | 7.5 HIGH |
| Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | |||||
| CVE-2021-42370 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2022-07-29 | 4.3 MEDIUM | 7.5 HIGH |
| A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.) | |||||
| CVE-2022-24660 | 1 Goldshell | 1 Goldshell Miner Firmware | 2022-07-27 | N/A | 7.5 HIGH |
| The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext. | |||||
| CVE-2019-15508 | 1 Octopus | 2 Server, Tentacle | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
| In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | |||||
| CVE-2019-15507 | 1 Octopus | 1 Server | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
| In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | |||||
| CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-23 | N/A | 7.5 HIGH |
| Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | |||||
| CVE-2021-45077 | 1 Netgear | 2 R6700, R6700 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. | |||||
| CVE-2020-4980 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 3.3 LOW | 6.5 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539. | |||||