Total
778 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0089 | 1 Cisco | 1 Policy Suite | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. | |||||
| CVE-2017-9663 | 1 Gm | 1 Shanghai Onstar | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory. | |||||
| CVE-2017-5250 | 1 Insteon | 1 Insteon For Hub | 2026-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2017-5249 | 1 Wink | 1 Wink | 2026-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2017-3214 | 1 Milwaukeetool | 1 One-key | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | |||||
| CVE-2017-2723 | 1 Huawei | 1 Files | 2026-06-17 | 2.1 LOW | 6.7 MEDIUM |
| The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. | |||||
| CVE-2017-20040 | 1 Sicunet | 1 Access Control | 2026-06-17 | 2.1 LOW | 5.9 MEDIUM |
| A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. | |||||
| CVE-2017-1309 | 1 Ibm | 1 Infosphere Master Data Management Server | 2026-06-17 | 2.1 LOW | 7.8 HIGH |
| IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. | |||||
| CVE-2017-16835 | 1 Photo\,video Locker-calculator Project | 1 Photo\,video Locker-calculator | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command. | |||||
| CVE-2017-14990 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | |||||
| CVE-2017-13663 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | |||||
| CVE-2016-3192 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. | |||||
| CVE-2016-0876 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | |||||
| CVE-2015-8314 | 1 Heartcombo | 1 Devise | 2026-06-17 | N/A | 7.5 HIGH |
| The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | |||||
| CVE-2015-5537 | 1 Siemens | 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System | 2026-06-17 | 4.3 MEDIUM | N/A |
| The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | |||||
| CVE-2015-1931 | 3 Ibm, Redhat, Suse | 8 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 5 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2013-2680 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. | |||||
| CVE-2011-5247 | 1 Prophecyinternational | 1 Snare | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. | |||||
| CVE-2011-4723 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2026-06-16 | 6.8 MEDIUM | 5.7 MEDIUM |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-2916 | 1 Qtnx Project | 1 Qtnx | 2026-06-16 | 2.1 LOW | 5.5 MEDIUM |
| qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | |||||