Total: 647 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-31821 | 1 Albis | 1 Albis | 2024-11-21 | 7.5 High |
An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function. | ||||
CVE-2023-31069 | 1 Tsplus | 1 Tsplus Remote Access | 2024-11-21 | 9.8 Critical |
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | ||||
CVE-2023-31041 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 7.5 High |
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. | ||||
CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2024-11-21 | 5.1 Medium |
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
CVE-2023-30367 | 1 Mremoteng | 1 Mremoteng | 2024-11-21 | 7.5 High |
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | ||||
CVE-2023-30146 | 1 Assmann | 2 Ht-ip211hdp, Ht-ip211hdp Firmware | 2024-11-21 | 7.5 High |
Assmann Digitus Plug&View IP Camera HT-IP211HDP version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. | ||||
CVE-2023-2809 | 1 Sage | 1 Sage 200 Spain | 2024-11-21 | 7.8 High |
Plaintext credential usage vulnerability in Sage 200 Spain version 2023.38.001, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. | ||||
CVE-2023-2358 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2024-11-21 | 4.3 Medium |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | ||||
CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2024-11-21 | 7.5 High |
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | ||||
CVE-2023-24964 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 6.2 Medium |
IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463. | ||||
CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2024-11-21 | 5.5 Medium |
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2023-24450 | 1 Jenkins | 1 View-cloner | 2024-11-21 | 6.5 Medium |
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
CVE-2023-24442 | 1 Jenkins | 1 Github Pull Request Coverage Status | 2024-11-21 | 5.5 Medium |
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2023-24439 | 1 Jenkins | 1 Jira Pipeline Steps | 2024-11-21 | 5.5 Medium |
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2023-24055 | 1 Keepass | 1 Keepass | 2024-11-21 | 5.5 Medium |
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC. | ||||
CVE-2023-23776 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 4.6 Medium |
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer. | ||||
CVE-2023-22332 | 1 Pgpool | 1 Pgpool-ii | 2024-11-21 | 6.5 Medium |
An information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), all versions of the 3.7 series, all versions of the 3.6 series, all versions of the 3.5 series, all versions of the 3.4 series, and all versions of the 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or the database may be suspended by a remote attacker who has successfully logged in to the product with the obtained credentials. | ||||
CVE-2023-20207 | 1 Duo | 1 Authentication Proxy | 2024-11-21 | 4.9 Medium |
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text. | ||||
CVE-2023-20059 | 1 Cisco | 1 Dna Center | 2024-11-21 | 4.3 Medium |
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files. | ||||
CVE-2023-1683 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | 4.3 Medium |
A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240. |