Total: 541 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2023-09-05 | N/A | 6.5 MEDIUM |
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | |||||
CVE-2023-3950 | 1 Gitlab | 1 Gitlab | 2023-09-01 | N/A | 3.8 LOW |
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it. | |||||
CVE-2023-31041 | 1 Insyde | 1 Insydeh2o | 2023-08-24 | N/A | 7.5 HIGH |
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. | |||||
CVE-2023-40354 | 1 Mariadb | 1 Maxscale | 2023-08-22 | N/A | 6.5 MEDIUM |
An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3. | |||||
CVE-2023-39210 | 1 Zoom | 1 Meeting Software Development Kit | 2023-08-15 | N/A | 5.5 MEDIUM |
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | |||||
CVE-2023-39903 | 1 Fujitsu | 1 Software Infrastructure Manager | 2023-08-11 | N/A | 5.0 MEDIUM |
An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379. | |||||
CVE-2023-39379 | 1 Fujitsu | 1 Software Infrastructure Manager | 2023-08-09 | N/A | 7.5 HIGH |
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. | |||||
CVE-2023-33373 | 1 Connectedio | 1 Connected Io | 2023-08-08 | N/A | 9.8 CRITICAL |
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. | |||||
CVE-2023-30146 | 1 Assmann | 2 Ht-ip211hdp, Ht-ip211hdp Firmware | 2023-08-08 | N/A | 7.5 HIGH |
Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. | |||||
CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2023-08-08 | N/A | 7.5 HIGH |
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||
CVE-2022-20219 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-224585613 | |||||
CVE-2022-42931 | 1 Mozilla | 1 Firefox | 2023-08-08 | N/A | 3.3 LOW |
Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. | |||||
CVE-2022-37857 | 1 Hauk Project | 1 Hauk | 2023-08-08 | N/A | 7.5 HIGH |
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. | |||||
CVE-2022-22031 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | |||||
CVE-2022-22069 | 1 Qualcomm | 174 Aqt1000, Aqt1000 Firmware, Qca6390 and 171 more | 2023-08-08 | N/A | 7.8 HIGH |
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
CVE-2023-39144 | 1 Element55 | 1 Knowmore | 2023-08-08 | N/A | 7.5 HIGH |
Element55 KnowMore appliances version 21 and older were discovered to store passwords in plaintext. | |||||
CVE-2023-30367 | 1 Mremoteng | 1 Mremoteng | 2023-08-04 | N/A | 7.5 HIGH |
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | |||||
CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2023-08-03 | N/A | 5.5 MEDIUM |
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected. | |||||
CVE-2023-33742 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2023-08-03 | N/A | 7.5 HIGH |
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe. | |||||
CVE-2021-40454 | 1 Microsoft | 11 365 Apps, Office, Windows 10 and 8 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
Rich Text Edit Control Information Disclosure Vulnerability |