Total
660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3952 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2024-11-21 | N/A |
| Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | ||||
| CVE-2015-1931 | 3 Ibm, Redhat, Suse | 10 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 7 more | 2024-11-21 | 5.5 Medium |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2015-1012 | 1 Pfizer | 2 Lifecare Pca Infusion System, Lifecare Pca Infusion System Firmware | 2024-11-21 | N/A |
| Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. | ||||
| CVE-2014-5433 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-11-21 | N/A |
| An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | ||||
| CVE-2013-2680 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 7.5 High |
| Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. | ||||
| CVE-2011-5247 | 1 Prophecyinternational | 1 Snare | 2024-11-21 | 7.5 High |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. | ||||
| CVE-2011-2916 | 1 Qtnx Project | 1 Qtnx | 2024-11-21 | 5.5 Medium |
| qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | ||||
| CVE-2010-3282 | 3 Fedoraproject, Hp, Redhat | 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more | 2024-11-21 | 3.3 Low |
| 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | ||||
| CVE-2009-5068 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 7.2 High |
| There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords. | ||||
| CVE-2008-7272 | 1 Getfiregpg | 1 Firegpg | 2024-11-21 | 7.5 High |
| FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key. | ||||
| CVE-2024-46383 | 2024-11-18 | 2.4 Low | ||
| Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext. | ||||
| CVE-2024-47529 | 1 Openc3 | 1 Cosmos | 2024-11-13 | 6.5 Medium |
| OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition. | ||||
| CVE-2024-43429 | 1 Moodle | 1 Moodle | 2024-11-12 | 5.3 Medium |
| A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information. | ||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2024-11-12 | 7.5 High |
| Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | ||||
| CVE-2024-10523 | 1 Tp-link | 2 Tapo H100, Tapo H100 Firmware | 2024-11-08 | 4.6 Medium |
| This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. | ||||
| CVE-2024-34891 | 1 Bitrix | 1 Bitrix24 | 2024-11-05 | 6.8 Medium |
| Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request. | ||||
| CVE-2024-40457 | 1 No-ip | 1 Duc | 2024-10-31 | 9.1 Critical |
| No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior. | ||||
| CVE-2024-7783 | 2 Miniplex Labs, Mintplexlabs | 2 Miniplex Labs\/anything Lim, Anythingllm | 2024-10-31 | 7.5 High |
| mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3. | ||||
| CVE-2024-9991 | 1 Signify Innovations India | 7 Phillips Smart Bulb 10-watt Firmware, Phillips Smart Bulb 12-watt Firmware, Phillips Smart Bulb 9-watt Firmware and 4 more | 2024-10-28 | N/A |
| This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected. | ||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2024-10-18 | 6.5 Medium |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | ||||