Total
511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32483 | 1 Dell | 1 Wyse Management Suite | 2024-02-05 | N/A | 4.4 MEDIUM |
| Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files. | |||||
| CVE-2023-39144 | 1 Element55 | 1 Knowmore | 2024-02-05 | N/A | 7.5 HIGH |
| Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext. | |||||
| CVE-2023-36136 | 1 Phpjabbers | 1 Class Scheduling System | 2024-02-05 | N/A | 6.5 MEDIUM |
| PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. | |||||
| CVE-2023-30527 | 1 Jenkins | 1 Wso2 Oauth | 2024-02-04 | N/A | 4.3 MEDIUM |
| Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-3395 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2024-02-04 | N/A | 6.5 MEDIUM |
| ?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer. | |||||
| CVE-2023-28345 | 2 Faronics, Microsoft | 2 Insight, Windows | 2024-02-04 | N/A | 4.6 MEDIUM |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines. | |||||
| CVE-2023-28713 | 1 Contec | 1 Conprosys Hmi System | 2024-02-04 | N/A | 8.1 HIGH |
| Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user. | |||||
| CVE-2023-29471 | 1 Lightbend | 1 Alpakka Kafka | 2024-02-04 | N/A | 5.5 MEDIUM |
| Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor. | |||||
| CVE-2023-22878 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-04 | N/A | 5.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | |||||
| CVE-2023-1897 | 2024-02-04 | N/A | 7.5 HIGH | ||
| Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller. | |||||
| CVE-2023-0005 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | N/A | 4.9 MEDIUM |
| A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | |||||
| CVE-2023-26593 | 1 Yokogawa | 8 B\/m9000 Vp, B\/m9000cs, Centum Cs 1000 and 5 more | 2024-02-04 | N/A | 7.8 HIGH |
| CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later | |||||
| CVE-2023-31408 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-02-04 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks. | |||||
| CVE-2023-32983 | 1 Jenkins | 1 Ansible | 2024-02-04 | N/A | 5.3 MEDIUM |
| Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2023-30530 | 1 Jenkins | 1 Consul Kv Builder | 2024-02-04 | N/A | 4.3 MEDIUM |
| Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-35699 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-02-04 | N/A | 4.6 MEDIUM |
| Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. | |||||
| CVE-2022-22302 | 1 Fortinet | 2 Fortiauthenticator, Fortios | 2024-02-04 | N/A | 3.3 LOW |
| A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. | |||||
| CVE-2023-20914 | 1 Google | 1 Android | 2024-02-04 | N/A | 5.5 MEDIUM |
| In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-189942529 | |||||
| CVE-2023-30523 | 1 Jenkins | 1 Report Portal | 2024-02-04 | N/A | 4.3 MEDIUM |
| Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2023-27706 | 1 Bitwarden | 1 Bitwarden | 2024-02-04 | N/A | 7.1 HIGH |
| Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. | |||||