ReportizFlow
Filtered by vendor
Subscriptions
Total
656 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28809 | 1 Infinera | 1 Hit 7300 | 2024-10-04 | 8.8 High |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | ||||
| CVE-2024-25661 | 1 Infinera | 1 Tnms | 2024-10-04 | 7.7 High |
| In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application. | ||||
| CVE-2024-28810 | 1 Infinera | 1 Hit 7300 | 2024-10-04 | 6.6 Medium |
| An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. | ||||
| CVE-2024-45862 | 2 Kastle, Kastlesystems | 3 Access Control System, Access Control System Firmware, Access Control System Firmware | 2024-09-30 | 7.5 High |
| Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | ||||
| CVE-2023-5359 | 1 Boldgrid | 1 W3 Total Cache | 2024-09-30 | 3.7 Low |
| The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way. | ||||
| CVE-2024-6785 | 1 Moxa | 2 Mxview One, Mxview One Central Manager | 2024-09-27 | 5.5 Medium |
| The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. | ||||
| CVE-2024-9040 | 1 Code-projects | 1 Blood Bank Management System | 2024-09-27 | 2.3 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally. | ||||
| CVE-2024-38877 | 1 Siemens | 10 Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System and 7 more | 2024-09-21 | 8.2 High |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network. | ||||
| CVE-2024-35282 | 1 Fortinet | 2 Forticlient, Forticlientios | 2024-09-20 | 4 Medium |
| A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. | ||||
| CVE-2024-6921 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2024-09-17 | 7.5 High |
| Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024. | ||||
| CVE-2021-22509 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 8.1 High |
| A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 | ||||
| CVE-2024-45391 | 1 Tina | 1 Tina | 2024-09-12 | 7.5 High |
| Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix. | ||||
| CVE-2024-8689 | 2024-09-12 | N/A | ||
| A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. | ||||
| CVE-2024-33892 | 1 Hms-networks | 8 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 5 more | 2024-09-03 | 5.3 Medium |
| Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3 | ||||
| CVE-2024-32939 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 4.3 Medium |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server." | ||||
| CVE-2024-5916 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-20 | 4.4 Medium |
| An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. | ||||