Total
577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10350 | 1 Jenkins | 1 Port Allocator | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10430 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2023-31069 | 1 Tsplus | 1 Tsplus Remote Access | 2023-10-25 | N/A | 9.8 CRITICAL |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | |||||
| CVE-2023-45151 | 1 Nextcloud | 1 Nextcloud Server | 2023-10-20 | N/A | 8.8 HIGH |
| Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-44037 | 1 Zpesystems | 1 Nodegrid Os | 2023-10-19 | N/A | 7.5 HIGH |
| An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component. | |||||
| CVE-2023-41964 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2023-10-17 | N/A | 6.5 MEDIUM |
| The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-31041 | 1 Insyde | 1 Insydeh2o | 2023-08-24 | N/A | 7.5 HIGH |
| An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. | |||||
| CVE-2023-40354 | 1 Mariadb | 1 Maxscale | 2023-08-22 | N/A | 6.5 MEDIUM |
| An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3. | |||||
| CVE-2023-39210 | 1 Zoom | 1 Meeting Software Development Kit | 2023-08-15 | N/A | 5.5 MEDIUM |
| Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2023-39903 | 1 Fujitsu | 1 Software Infrastructure Manager | 2023-08-11 | N/A | 5.0 MEDIUM |
| An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379. | |||||
| CVE-2023-39379 | 1 Fujitsu | 1 Software Infrastructure Manager | 2023-08-09 | N/A | 7.5 HIGH |
| Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. | |||||
| CVE-2023-33373 | 1 Connectedio | 1 Connected Io | 2023-08-08 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. | |||||
| CVE-2023-30146 | 1 Assmann | 2 Ht-ip211hdp, Ht-ip211hdp Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. | |||||
| CVE-2022-37857 | 1 Hauk Project | 1 Hauk | 2023-08-08 | N/A | 7.5 HIGH |
| bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. | |||||
| CVE-2022-20219 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613 | |||||
| CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2023-08-08 | N/A | 7.5 HIGH |
| In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||
| CVE-2022-22031 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | |||||
| CVE-2022-22069 | 1 Qualcomm | 174 Aqt1000, Aqt1000 Firmware, Qca6390 and 171 more | 2023-08-08 | N/A | 7.8 HIGH |
| Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2023-39144 | 1 Element55 | 1 Knowmore | 2023-08-08 | N/A | 7.5 HIGH |
| Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext. | |||||
| CVE-2023-30367 | 1 Mremoteng | 1 Mremoteng | 2023-08-04 | N/A | 7.5 HIGH |
| Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | |||||