Total
1072 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1362 | 1 Ibm | 1 Security Identity Manager | 2024-09-16 | N/A |
| IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. | ||||
| CVE-2021-38976 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-09-16 | 5.5 Medium |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781. | ||||
| CVE-2022-20914 | 1 Cisco | 1 Identity Services Engine | 2024-09-16 | 4.9 Medium |
| A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server. Note: To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials. | ||||
| CVE-2021-1392 | 1 Cisco | 2 Ios, Ios Xe | 2024-09-16 | 7.8 High |
| A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device. | ||||
| CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2024-09-16 | 3.9 Low |
| HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | ||||
| CVE-2020-7299 | 1 Mcafee | 1 True Key | 2024-09-16 | 5 Medium |
| Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations. | ||||
| CVE-2019-4307 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-09-16 | 5.5 Medium |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987. | ||||
| CVE-2019-0072 | 1 Juniper | 1 Sbr Carrier | 2024-09-16 | 5.6 Medium |
| An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4. | ||||
| CVE-2022-34371 | 1 Dell | 1 Emc Powerscale Onefs | 2024-09-16 | 8.1 High |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | ||||
| CVE-2018-10622 | 1 Medtronic | 4 Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more | 2024-09-16 | N/A |
| A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. | ||||
| CVE-2023-47741 | 1 Ibm | 2 Db2 Mirror For I, I | 2024-09-16 | 5.3 Medium |
| IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. | ||||
| CVE-2017-2751 | 1 Hp | 68 Compaq 14-h000, Compaq 14-h000 Firmware, Compaq 14-s000 and 65 more | 2024-09-16 | N/A |
| A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. | ||||
| CVE-2020-26079 | 1 Cisco | 1 Iot Field Network Director | 2024-09-16 | 4.9 Medium |
| A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. | ||||
| CVE-2021-1126 | 1 Cisco | 1 Firepower Management Center | 2024-09-16 | 5.5 Medium |
| A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. | ||||
| CVE-2021-36783 | 1 Suse | 1 Rancher | 2024-09-16 | 9.9 Critical |
| A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. | ||||
| CVE-2018-20383 | 2 Arris, Commscope | 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more | 2024-09-16 | 9.8 Critical |
| ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-09-16 | 4.9 Medium |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | ||||
| CVE-2018-1377 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-09-16 | N/A |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778. | ||||
| CVE-2012-3025 | 1 Tridium | 1 Niagara Ax | 2024-09-16 | N/A |
| The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2021-34733 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-09-16 | 5.5 Medium |
| A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system. | ||||