CWE-316
AllowedCleartext Storage of Sensitive Information in Memory
Abstraction: Variant · Status: Draft
The product stores sensitive information in cleartext in memory.
62 vulnerabilities reference this CWE, most recent first.
GHSA-C45J-7735-F4R2
Vulnerability from github – Published: 2024-05-20 21:31 – Updated: 2024-07-03 18:42KeePassXC 2.7.7 allows attackers to recover cleartext credentials.
{
"affected": [],
"aliases": [
"CVE-2024-33900"
],
"database_specific": {
"cwe_ids": [
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-20T21:15:09Z",
"severity": "MODERATE"
},
"details": "KeePassXC 2.7.7 allows attackers to recover cleartext credentials.",
"id": "GHSA-c45j-7735-f4r2",
"modified": "2024-07-03T18:42:40Z",
"published": "2024-05-20T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33900"
},
{
"type": "WEB",
"url": "https://github.com/keepassxreboot/keepassxc/issues/10784"
},
{
"type": "WEB",
"url": "https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838"
},
{
"type": "WEB",
"url": "https://keepassxc.org/blog"
},
{
"type": "WEB",
"url": "https://keepassxc.org/blog/2019-02-21-memory-security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CV8W-W978-3XWW
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2024-11-08 09:30A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
{
"affected": [],
"aliases": [
"CVE-2021-31989"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.",
"id": "GHSA-cv8w-w978-3xww",
"modified": "2024-11-08T09:30:29Z",
"published": "2022-05-24T19:12:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31989"
},
{
"type": "WEB",
"url": "https://www.axis.com/files/tech_notes/CVE-2021-31989.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FCH8-H9XW-98MW
Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 06:31IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.
{
"affected": [],
"aliases": [
"CVE-2024-49800"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-06T00:15:27Z",
"severity": "MODERATE"
},
"details": "IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.",
"id": "GHSA-fch8-h9xw-98mw",
"modified": "2025-02-06T06:31:26Z",
"published": "2025-02-06T06:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49800"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7182522"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FJ4X-VQ3P-RJCF
Vulnerability from github – Published: 2025-12-10 21:31 – Updated: 2025-12-11 21:31The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. As a result, an attacker with physical access to the device of a victim can retrieve this information and gain unauthorized access to their home Wi-Fi network and Meatmeet account.
{
"affected": [],
"aliases": [
"CVE-2025-65832"
],
"database_specific": {
"cwe_ids": [
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T21:16:09Z",
"severity": "MODERATE"
},
"details": "The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. As a result, an attacker with physical access to the device of a victim can retrieve this information and gain unauthorized access to their home Wi-Fi network and Meatmeet account.",
"id": "GHSA-fj4x-vq3p-rjcf",
"modified": "2025-12-11T21:31:27Z",
"published": "2025-12-10T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65832"
},
{
"type": "WEB",
"url": "https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-sensitive-information-stored-in-memory-md"
},
{
"type": "WEB",
"url": "https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Sensitive%20Information-Stored-in-Memory.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G437-XQHV-C7MQ
Vulnerability from github – Published: 2024-05-20 21:31 – Updated: 2024-08-01 15:31Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.
{
"affected": [],
"aliases": [
"CVE-2024-33901"
],
"database_specific": {
"cwe_ids": [
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-20T21:15:09Z",
"severity": "MODERATE"
},
"details": "Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.",
"id": "GHSA-g437-xqhv-c7mq",
"modified": "2024-08-01T15:31:45Z",
"published": "2024-05-20T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33901"
},
{
"type": "WEB",
"url": "https://github.com/keepassxreboot/keepassxc/issues/10784"
},
{
"type": "WEB",
"url": "https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838"
},
{
"type": "WEB",
"url": "https://keepassxc.org/blog"
},
{
"type": "WEB",
"url": "https://keepassxc.org/blog/2019-02-21-memory-security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GQM3-PXVJ-G2XQ
Vulnerability from github – Published: 2025-07-11 00:30 – Updated: 2025-07-11 00:30Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
{
"affected": [],
"aliases": [
"CVE-2025-50109"
],
"database_specific": {
"cwe_ids": [
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-11T00:15:26Z",
"severity": "HIGH"
},
"details": "Emerson ValveLink Products store\nsensitive information in cleartext within a resource that might be accessible to another control sphere.",
"id": "GHSA-gqm3-pxvj-g2xq",
"modified": "2025-07-11T00:30:32Z",
"published": "2025-07-11T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50109"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
},
{
"type": "WEB",
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"type": "WEB",
"url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H4JV-267R-4GXQ
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.
{
"affected": [],
"aliases": [
"CVE-2022-0835"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.",
"id": "GHSA-h4jv-267r-4gxq",
"modified": "2022-04-19T00:01:25Z",
"published": "2022-04-12T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0835"
},
{
"type": "WEB",
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-007.pdf"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HFPV-GCCV-QHV9
Vulnerability from github – Published: 2025-07-11 00:30 – Updated: 2025-07-11 00:30Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.
{
"affected": [],
"aliases": [
"CVE-2025-52579"
],
"database_specific": {
"cwe_ids": [
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-11T00:15:26Z",
"severity": "CRITICAL"
},
"details": "Emerson ValveLink Products store sensitive information in cleartext in memory. The \nsensitive memory might be saved to disk, stored in a core dump, or \nremain uncleared if the product crashes, or if the programmer does not \nproperly clear the memory before freeing it.",
"id": "GHSA-hfpv-gccv-qhv9",
"modified": "2025-07-11T00:30:33Z",
"published": "2025-07-11T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52579"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
},
{
"type": "WEB",
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"type": "WEB",
"url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JFGV-77W2-93RX
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-10-26 12:00The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
{
"affected": [],
"aliases": [
"CVE-2021-32942"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T17:15:00Z",
"severity": "MODERATE"
},
"details": "The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.",
"id": "GHSA-jfgv-77w2-93rx",
"modified": "2022-10-26T12:00:39Z",
"published": "2022-05-24T19:04:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32942"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03"
},
{
"type": "WEB",
"url": "https://www.aveva.com/en/support/cyber-security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JFX7-932X-94FG
Vulnerability from github – Published: 2025-10-27 18:31 – Updated: 2025-10-27 21:30Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump and then they can be used to activate the software on the same machine without purchasing.
{
"affected": [],
"aliases": [
"CVE-2025-60791"
],
"database_specific": {
"cwe_ids": [
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T16:15:42Z",
"severity": "MODERATE"
},
"details": "Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump and then they can be used to activate the software on the same machine without purchasing.",
"id": "GHSA-jfx7-932x-94fg",
"modified": "2025-10-27T21:30:26Z",
"published": "2025-10-27T18:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60791"
},
{
"type": "WEB",
"url": "https://packetstorm.news/files/id/210832"
},
{
"type": "WEB",
"url": "https://sourceforge.net/projects/easyworkaccounting"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.