Total
511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1603 | 2 Fedoraproject, Opensc-project | 2 Fedora, Opensc | 2024-02-14 | 4.3 MEDIUM | 7.5 HIGH |
| src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | |||||
| CVE-2009-0964 | 1 Xlinesoft | 1 Phprunner | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | |||||
| CVE-2021-45025 | 1 Rocketsoftware | 1 Ags-zena | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. | |||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2024-02-13 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | |||||
| CVE-2001-1481 | 1 Xitami | 1 Xitami | 2024-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. | |||||
| CVE-2001-1537 | 1 Symfony | 1 Twig | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | |||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-1828 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2024-02-13 | 7.5 HIGH | 7.5 HIGH |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | |||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | |||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2024-02-13 | 1.9 LOW | 5.5 MEDIUM |
| Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | |||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2024-02-10 | N/A | 5.5 MEDIUM |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | |||||
| CVE-2002-1800 | 1 Phprank | 1 Phprank | 2024-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | |||||
| CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2024-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | |||||
| CVE-2022-46141 | 1 Siemens | 1 Simatic Step 7 | 2024-02-05 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application. | |||||
| CVE-2023-48707 | 1 Codeigniter | 1 Shield | 2024-02-05 | N/A | 6.5 MEDIUM |
| CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-50776 | 1 Jenkins | 1 Paaslane Estimate | 2024-02-05 | N/A | 4.3 MEDIUM |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2015-8314 | 1 Heartcombo | 1 Devise | 2024-02-05 | N/A | 7.5 HIGH |
| The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | |||||
| CVE-2023-6250 | 1 Bestwebsoft | 1 Like \& Share | 2024-02-05 | N/A | 7.5 HIGH |
| The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag | |||||
| CVE-2023-40238 | 1 Insyde | 1 Insydeh2o | 2024-02-05 | N/A | 5.5 MEDIUM |
| A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. | |||||