Vulnerabilities > Cleartext Storage of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-7259 | A flaw was found in oVirt. | 4.4 |
| 2024-09-25 | CVE-2023-5359 | Cleartext Storage of Sensitive Information vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. | 7.5 |
| 2024-09-21 | CVE-2024-6785 | Cleartext Storage of Sensitive Information vulnerability in Moxa Mxview ONE and Mxview ONE Central Manager The configuration file stores credentials in cleartext. | 7.1 |
| 2024-09-20 | CVE-2024-9040 | Cleartext Storage of Sensitive Information vulnerability in Code-Projects Blood Bank Management System 1.0 A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. | 5.5 |
| 2024-09-19 | CVE-2024-45862 | Cleartext Storage of Sensitive Information vulnerability in Kastle Access Control System Firmware Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | 7.5 |
| 2024-09-12 | CVE-2024-41629 | Cleartext Storage of Sensitive Information vulnerability in TI Fusion Digital Power Designer 7.10.1 An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials | 5.5 |
| 2024-09-10 | CVE-2024-35282 | Cleartext Storage of Sensitive Information vulnerability in Fortinet Forticlient A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. | 4.6 |
| 2024-09-04 | CVE-2024-45004 | Cleartext Storage of Sensitive Information vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read (export) will simply convert this field to hex and send it to userspace. With DCP-based trusted keys, we decrypt the blob encryption key (BEK) in the Kernel due hardware limitations and then decrypt the blob payload. BEK decryption is done in-place which means that the trusted key blob field is modified and it consequently holds the BEK in plain text. Every subsequent read of that key thus send the plain text BEK instead of the encrypted BEK to userspace. This issue only occurs when importing a trusted DCP-based key and then exporting it again. | 5.5 |
| 2024-09-04 | CVE-2024-41716 | Cleartext Storage of Sensitive Information vulnerability in Idec Windldr and Windo/I-Nv4 Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. | 8.1 |
| 2024-09-03 | CVE-2024-45391 | Cleartext Storage of Sensitive Information vulnerability in Tina Tina is an open-source content management system (CMS). | 7.5 |