Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2020-19137 Cleartext Storage of Sensitive Information vulnerability in Autumn Project Autumn
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".
network
low complexity
autumn-project CWE-312
5.0
2021-09-08 CVE-2021-1865 Cleartext Storage of Sensitive Information vulnerability in Apple Ipados and Iphone OS
An issue obscuring passwords in screenshots was addressed with improved logic.
network
apple CWE-312
4.3
2021-09-06 CVE-2021-36096 Cleartext Storage of Sensitive Information vulnerability in Otrs
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden.
network
low complexity
otrs CWE-312
4.0
2021-08-25 CVE-2021-31989 Cleartext Storage of Sensitive Information vulnerability in Axis Device Manager
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application.
network
axis CWE-312
3.5
2021-08-25 CVE-2021-40087 Cleartext Storage of Sensitive Information vulnerability in Primekey Ejbca
An issue was discovered in PrimeKey EJBCA before 7.6.0.
network
low complexity
primekey CWE-312
4.0
2021-08-18 CVE-2021-31820 Cleartext Storage of Sensitive Information vulnerability in Octopus Server
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
network
low complexity
octopus CWE-312
5.0
2021-08-14 CVE-2020-36473 Cleartext Storage of Sensitive Information vulnerability in Ucweb UC
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.
network
ucweb CWE-312
4.3
2021-08-13 CVE-2020-18759 Cleartext Storage of Sensitive Information vulnerability in Dcce Mac1100 PLC Firmware
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.
network
low complexity
dcce CWE-312
5.0
2021-08-06 CVE-2021-37548 Cleartext Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
network
low complexity
jetbrains CWE-312
5.0
2021-08-03 CVE-2021-33323 Cleartext Storage of Sensitive Information vulnerability in Liferay DXP and Liferay Portal
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
network
low complexity
liferay CWE-312
5.0