Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52579 | 2025-07-15 | N/A | 9.4 CRITICAL | ||
| Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it. | |||||
| CVE-2025-50109 | 2025-07-15 | N/A | 7.7 HIGH | ||
| Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere. | |||||
| CVE-2025-48930 | 2025-07-01 | N/A | 2.8 LOW | ||
| The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues. | |||||
| CVE-2024-24915 | 2025-06-30 | N/A | 6.1 MEDIUM | ||
| Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them. | |||||
| CVE-2024-33900 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2024-33901 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2024-36792 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.2 HIGH |
| An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. | |||||
| CVE-2024-25649 | 1 Delinea | 1 Secret Server | 2025-04-30 | N/A | 6.7 MEDIUM |
| In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies. | |||||
| CVE-2024-49800 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | |||||
| CVE-2024-39732 | 1 Ibm | 1 Datacap | 2024-11-21 | N/A | 4.1 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. | |||||
| CVE-2023-40724 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation. | |||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
| CVE-2024-9203 | 2024-09-30 | 1.0 LOW | 2.5 LOW | ||
| A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-35282 | 1 Fortinet | 1 Forticlient | 2024-09-20 | N/A | 4.6 MEDIUM |
| A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. | |||||