ReportizFlow
Filtered by vendor
Subscriptions
Total
797 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31408 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2025-01-23 | 5.3 Medium |
| Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks. | ||||
| CVE-2024-52525 | 1 Nextcloud | 1 Nextcloud Server | 2025-01-23 | 1.8 Low |
| Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. | ||||
| CVE-2023-22878 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-01-21 | 6.2 Medium |
| IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | ||||
| CVE-2022-3089 | 1 Echelon | 2 I.lon Vision, Smartserver | 2025-01-17 | 6.3 Medium |
| Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. | ||||
| CVE-2023-2863 | 1 Simpledesign | 1 Diary With Lock\ | 2025-01-16 | 2.3 Low |
| A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. | ||||
| CVE-2023-28345 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | 4.6 Medium |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines. | ||||
| CVE-2023-32448 | 1 Dell | 1 Powerpath | 2025-01-10 | 5.5 Medium |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. | ||||
| CVE-2023-28713 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | 8.1 High |
| Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user. | ||||
| CVE-2023-22584 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 7.5 High |
| The Danfoss AK-EM100 stores login credentials in cleartext. | ||||
| CVE-2023-27706 | 1 Bitwarden | 1 Bitwarden | 2025-01-06 | 7.1 High |
| Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. | ||||
| CVE-2023-1897 | 1 Atlascopco | 2 Power Focus 6000, Power Focus 6000 Firmware | 2025-01-06 | 9.4 Critical |
| Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller. | ||||
| CVE-2023-27370 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 5.7 Medium |
| NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841. | ||||
| CVE-2024-9802 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2024-12-19 | 5.3 Medium |
| The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. | ||||
| CVE-2024-9798 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2024-12-19 | 5.3 Medium |
| The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. | ||||
| CVE-2022-33159 | 1 Ibm | 1 Security Directory Suite Va | 2024-12-13 | 5.3 Medium |
| IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. | ||||
| CVE-2024-11159 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2024-12-06 | 5.3 Medium |
| Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1. | ||||
| CVE-2023-27243 | 1 Makves | 1 Dcap | 2024-12-06 | 7.5 High |
| An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. | ||||
| CVE-2018-0089 | 1 Cisco | 1 Policy Suite | 2024-12-03 | N/A |
| A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. | ||||
| CVE-2023-48305 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-27 | 4.2 Medium |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users' passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments). | ||||
| CVE-2022-46141 | 1 Siemens | 1 Simatic Step 7 | 2024-11-26 | 4.2 Medium |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application. | ||||