Total
660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4312 | 1 Arcinformatique | 1 Pcvue | 2025-04-14 | 5.5 Medium |
| A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card. | ||||
| CVE-2016-5432 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager | 2025-04-12 | N/A |
| The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. | ||||
| CVE-2016-3707 | 3 Linux, Novell, Redhat | 6 Linux Kernel-rt, Suse Linux Enterprise Real Time Extension, Enterprise Linux For Real Time and 3 more | 2025-04-12 | N/A |
| The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. | ||||
| CVE-2016-0876 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2025-04-12 | 7.5 High |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | ||||
| CVE-2015-8945 | 1 Openshift | 1 Origin | 2025-04-12 | N/A |
| openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | ||||
| CVE-2015-5537 | 1 Siemens | 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System | 2025-04-12 | N/A |
| The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | ||||
| CVE-2022-24120 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | 4.6 Medium |
| Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. | ||||
| CVE-2022-37785 | 1 Wecube-platform Project | 1 Wecube-platform | 2025-04-11 | 7.5 High |
| An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. | ||||
| CVE-2025-3442 | 2025-04-11 | N/A | ||
| This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. | ||||
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-04-11 | 5.7 Medium |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2022-41740 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2025-04-10 | 4.6 Medium |
| IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. | ||||
| CVE-2022-22470 | 1 Ibm | 1 Security Verify Governance | 2025-04-10 | 4.1 Medium |
| IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232. | ||||
| CVE-2022-45787 | 2 Apache, Redhat | 6 James, Jboss Enterprise Application Platform, Quarkus and 3 more | 2025-04-09 | 5.5 Medium |
| Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. | ||||
| CVE-2009-0152 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 High |
| iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2025-04-09 | 7.5 High |
| The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | ||||
| CVE-2007-5778 | 1 Flexispy | 1 Mobile Spy | 2025-04-09 | 7.5 High |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | ||||
| CVE-2009-1466 | 1 Klinzmann | 1 Application Access Server | 2025-04-09 | 5.5 Medium |
| Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.8 High |
| Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | ||||
| CVE-2008-6157 | 1 Sepcity | 1 Classified Ads | 2025-04-09 | 7.5 High |
| SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2009-0964 | 1 Xlinesoft | 1 Phprunner | 2025-04-09 | 7.5 High |
| UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | ||||