Total
651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16889 | 1 Redhat | 2 Ceph, Ceph Storage | 2024-11-21 | N/A |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | ||||
| CVE-2018-16498 | 1 Versa-networks | 1 Versa Director | 2024-11-21 | 5.5 Medium |
| In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores. | ||||
| CVE-2018-12572 | 1 Avast | 1 Free Antivirus | 2024-11-21 | N/A |
| Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | ||||
| CVE-2018-11242 | 1 Makemytrip | 1 Makemytrip | 2024-11-21 | N/A |
| An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files. | ||||
| CVE-2018-10871 | 3 Debian, Fedoraproject, Redhat | 3 Debian Linux, 389 Directory Server, Enterprise Linux | 2024-11-21 | N/A |
| 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. | ||||
| CVE-2018-10812 | 1 Bitpie | 1 Bitcoin Wallet | 2024-11-21 | N/A |
| The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS). | ||||
| CVE-2017-9663 | 1 Gm | 1 Shanghai Onstar | 2024-11-21 | N/A |
| An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory. | ||||
| CVE-2017-9654 | 1 Philips | 1 Dosewise | 2024-11-21 | N/A |
| The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. | ||||
| CVE-2017-5250 | 1 Insteon | 1 Insteon For Hub | 2024-11-21 | N/A |
| In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | ||||
| CVE-2017-5249 | 1 Wink | 1 Wink | 2024-11-21 | N/A |
| In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | ||||
| CVE-2017-3214 | 1 Milwaukeetool | 1 One-key | 2024-11-21 | 7.5 High |
| The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | ||||
| CVE-2017-2723 | 1 Huawei | 1 Files | 2024-11-21 | N/A |
| The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. | ||||
| CVE-2017-2672 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
| A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. | ||||
| CVE-2017-20040 | 1 Sicunet | 1 Access Control | 2024-11-21 | 5.9 Medium |
| A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. | ||||
| CVE-2017-1309 | 1 Ibm | 1 Infosphere Master Data Management Server | 2024-11-21 | N/A |
| IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. | ||||
| CVE-2017-16835 | 1 Photo\,video Locker-calculator Project | 1 Photo\,video Locker-calculator | 2024-11-21 | N/A |
| The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command. | ||||
| CVE-2017-14990 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | ||||
| CVE-2017-14941 | 1 Jaspersoft | 1 Jasperreports | 2024-11-21 | N/A |
| Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector. | ||||
| CVE-2017-13663 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2024-11-21 | N/A |
| Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | ||||
| CVE-2016-8366 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-11-21 | N/A |
| Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. | ||||