Total: 626 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-9991 | 1 Signify Innovations India | 7 Phillips Smart Bulb 10-watt Firmware, Phillips Smart Bulb 12-watt Firmware, Phillips Smart Bulb 9-watt Firmware and 4 more | 2024-10-28 | N/A |
This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which the vulnerable device is connected. | ||||
CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2024-10-18 | 6.5 Medium |
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | ||||
CVE-2024-8070 | | | 2024-10-15 | 8.5 High |
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary | ||||
CVE-2024-20448 | 1 Cisco | 1 Nexus Dashboard Fabric Controller | 2024-10-08 | 6.3 Medium |
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. | ||||
CVE-2024-8644 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | 7.5 High |
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0. | ||||
CVE-2024-8459 | 2 Planet, Planet Technology Corp | 6 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 3 more | 2024-10-04 | 7.2 High |
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. | ||||
CVE-2024-25661 | 1 Infinera | 1 Tnms | 2024-10-04 | 7.7 High |
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application. | ||||
CVE-2024-28810 | 1 Infinera | 1 Hit 7300 | 2024-10-04 | 6.6 Medium |
An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. | ||||
CVE-2024-28809 | 1 Infinera | 1 Hit 7300 | 2024-10-04 | 8.8 High |
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | ||||
CVE-2024-28807 | 1 Infinera | 1 Hit 7300 | 2024-10-04 | 6.5 Medium |
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application. | ||||
CVE-2024-45862 | 2 Kastle, Kastlesystems | 3 Access Control System, Access Control System Firmware, Access Control System Firmware | 2024-09-30 | 7.5 High |
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | ||||
CVE-2023-5359 | 1 Boldgrid | 1 W3 Total Cache | 2024-09-30 | 3.7 Low |
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress user's site in any way. | ||||
CVE-2024-7259 | 1 Redhat | 1 Rhev Hypervisor | 2024-09-30 | 4.4 Medium |
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | ||||
CVE-2024-6785 | 1 Moxa | 2 Mxview One, Mxview One Central Manager | 2024-09-27 | 5.5 Medium |
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. | ||||
CVE-2024-9040 | 1 Code-projects | 1 Blood Bank Management System | 2024-09-27 | 2.3 Low |
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally. | ||||
CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | 5.5 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430. | ||||
CVE-2024-38877 | 1 Siemens | 10 Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System and 7 more | 2024-09-21 | 8.2 High |
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices store initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials, leading to confidentiality loss and allowing the attacker to move laterally within the affected network. | ||||
CVE-2024-35282 | 1 Fortinet | 2 Forticlient, Forticlientios | 2024-09-20 | 4 Medium |
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. | ||||
CVE-2024-6921 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2024-09-17 | 7.5 High |
Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data. This issue affects NACPremium: through 01082024. | ||||
CVE-2024-41716 | 1 Idec | 2 Windldr, Windo/i-nv4 | 2024-09-13 | 8.1 High |
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them. |