ReportizFlow
Filtered by vendor
Subscriptions
Total
626 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3395 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2024-11-21 | 6.5 Medium |
| All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer. | ||||
| CVE-2023-39903 | 1 Fujitsu | 1 Software Infrastructure Manager | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379. | ||||
| CVE-2023-39440 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.4 Medium |
| In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity. | ||||
| CVE-2023-39379 | 1 Fujitsu | 1 Software Infrastructure Manager | 2024-11-21 | 7.5 High |
| Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. | ||||
| CVE-2023-39210 | 1 Zoom | 1 Meeting Software Development Kit | 2024-11-21 | 5.5 Medium |
| Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | ||||
| CVE-2023-39144 | 1 Element55 | 1 Knowmore | 2024-11-21 | 7.5 High |
| Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext. | ||||
| CVE-2023-37468 | 1 Thm | 1 Feedbacksystem | 2024-11-21 | 6 Medium |
| Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2. | ||||
| CVE-2023-36136 | 1 Phpjabbers | 1 Class Scheduling System | 2024-11-21 | 6.5 Medium |
| PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. | ||||
| CVE-2023-35699 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | 5.3 Medium |
| Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. | ||||
| CVE-2023-33742 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | 7.5 High |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe. | ||||
| CVE-2023-33373 | 1 Connectedio | 1 Connected Io | 2024-11-21 | 9.8 Critical |
| Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. | ||||
| CVE-2023-32983 | 1 Jenkins | 1 Ansible | 2024-11-21 | 5.3 Medium |
| Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2023-32483 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 4.4 Medium |
| Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files. | ||||
| CVE-2023-32455 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | 5.5 Medium |
| Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | ||||
| CVE-2023-32448 | 1 Dell | 1 Powerpath | 2024-11-21 | 5.5 Medium |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. | ||||
| CVE-2023-32447 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | 5.5 Medium |
| Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | ||||
| CVE-2023-32446 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | 5.5 Medium |
| Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | ||||
| CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.4 Medium |
| Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | ||||
| CVE-2023-31821 | 1 Albis | 1 Albis | 2024-11-21 | 7.5 High |
| An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function. | ||||
| CVE-2023-31423 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.7 Medium |
| Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. | ||||