Total
655 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19981 | 1 Amazon | 1 Aws Software Development Kit | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms). | |||||
| CVE-2018-19941 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later) | |||||
| CVE-2018-19279 | 2 Microsoft, Primx | 2 Windows, Zonecentral | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
| PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater. | |||||
| CVE-2018-19009 | 1 Pilz | 1 Pnozmulti Configurator | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. | |||||
| CVE-2018-18641 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. | |||||
| CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-17499 | 1 Envoy | 1 Passport | 2024-11-21 | 2.1 LOW | 2.9 LOW |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | |||||
| CVE-2018-17489 | 1 Hidglobal | 1 Easylobby Solo | 2024-11-21 | 2.1 LOW | 2.9 LOW |
| EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers. | |||||
| CVE-2018-16889 | 1 Redhat | 1 Ceph | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | |||||
| CVE-2018-16498 | 1 Versa-networks | 1 Versa Director | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores. | |||||
| CVE-2018-12572 | 1 Avast | 1 Free Antivirus | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | |||||
| CVE-2018-11242 | 1 Makemytrip | 1 Makemytrip | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files. | |||||
| CVE-2018-10871 | 2 Debian, Fedoraproject | 2 Debian Linux, 389 Directory Server | 2024-11-21 | 4.0 MEDIUM | 3.8 LOW |
| 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. | |||||
| CVE-2018-10812 | 1 Bitpie | 1 Bitcoin Wallet | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS). | |||||
| CVE-2018-0089 | 1 Cisco | 1 Policy Suite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. | |||||
| CVE-2017-9663 | 1 Gm | 1 Shanghai Onstar | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory. | |||||
| CVE-2017-5250 | 1 Insteon | 1 Insteon For Hub | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2017-5249 | 1 Wink | 1 Wink | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2017-20040 | 1 Sicunet | 1 Access Control | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
| A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. | |||||
| CVE-2017-16835 | 1 Photo\,video Locker-calculator Project | 1 Photo\,video Locker-calculator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command. | |||||