Total
491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46128 | 1 Networktocode | 1 Nautobot | 2023-12-10 | N/A | 6.5 MEDIUM |
| Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3. | |||||
| CVE-2023-41964 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2023-12-10 | N/A | 6.5 MEDIUM |
| The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-4066 | 1 Redhat | 4 Enterprise Linux, Jboss A-mq, Jboss Middleware and 1 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | |||||
| CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2023-12-10 | N/A | 6.5 MEDIUM |
| Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | |||||
| CVE-2023-33742 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe. | |||||
| CVE-2023-31041 | 1 Insyde | 1 Insydeh2o | 2023-12-10 | N/A | 7.5 HIGH |
| An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. | |||||
| CVE-2023-40354 | 1 Mariadb | 1 Maxscale | 2023-12-10 | N/A | 6.5 MEDIUM |
| An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3. | |||||
| CVE-2023-33373 | 1 Connectedio | 1 Connected Io | 2023-12-10 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. | |||||
| CVE-2023-39903 | 1 Fujitsu | 1 Software Infrastructure Manager | 2023-12-10 | N/A | 5.0 MEDIUM |
| An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379. | |||||
| CVE-2023-45151 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | N/A | 8.8 HIGH |
| Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-31821 | 1 Albis | 1 Albis | 2023-12-10 | N/A | 7.5 HIGH |
| An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function. | |||||
| CVE-2023-30146 | 1 Assmann | 2 Ht-ip211hdp, Ht-ip211hdp Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. | |||||
| CVE-2023-46376 | 1 Zentao | 1 Biz | 2023-12-10 | N/A | 7.5 HIGH |
| Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. | |||||
| CVE-2023-31069 | 1 Tsplus | 1 Tsplus Remote Access | 2023-12-10 | N/A | 9.8 CRITICAL |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | |||||
| CVE-2023-39210 | 1 Zoom | 1 Meeting Software Development Kit | 2023-12-10 | N/A | 5.5 MEDIUM |
| Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2023-32983 | 1 Jenkins | 1 Ansible | 2023-12-10 | N/A | 5.3 MEDIUM |
| Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2023-29480 | 1 Ribose | 1 Rnp | 2023-12-10 | N/A | 7.5 HIGH |
| Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. | |||||
| CVE-2023-20059 | 1 Cisco | 1 Dna Center | 2023-12-10 | N/A | 6.5 MEDIUM |
| A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files. | |||||
| CVE-2023-29471 | 1 Lightbend | 1 Alpakka Kafka | 2023-12-10 | N/A | 5.5 MEDIUM |
| Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor. | |||||
| CVE-2023-30523 | 1 Jenkins | 1 Report Portal | 2023-12-10 | N/A | 4.3 MEDIUM |
| Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||