Total
1109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22432 | 1 Dell | 1 Networker | 2024-11-21 | 7.8 High |
| Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | ||||
| CVE-2024-22345 | 2024-11-21 | 6.2 Medium | ||
| IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. | ||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||
| CVE-2024-22266 | 2024-11-21 | 6.5 Medium | ||
| VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. | ||||
| CVE-2024-21869 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 6.2 Medium |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | ||||
| CVE-2024-21815 | 2024-11-21 | 9.1 Critical | ||
| Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior. | ||||
| CVE-2023-6791 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.9 Medium |
| A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | ||||
| CVE-2023-6573 | 1 Hp | 1 Oneview | 2024-11-21 | 5.5 Medium |
| HPE OneView may have a missing passphrase during restore. | ||||
| CVE-2023-6421 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-11-21 | 7.5 High |
| The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. | ||||
| CVE-2023-6259 | 2024-11-21 | 7.1 High | ||
| Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3. | ||||
| CVE-2023-6254 | 1 Otrs | 1 Otrs | 2024-11-21 | 8.1 High |
| A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37. | ||||
| CVE-2023-5552 | 1 Sophos | 1 Firewall | 2024-11-21 | 7.1 High |
| A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | ||||
| CVE-2023-50770 | 1 Jenkins | 1 Openid | 2024-11-21 | 6.7 Medium |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | ||||
| CVE-2023-50436 | 2024-11-21 | 5.3 Medium | ||
| An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5. | ||||
| CVE-2023-50311 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-21 | 3.1 Low |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages. | ||||
| CVE-2023-50291 | 1 Apache | 1 Solr | 2024-11-21 | 7.5 High |
| Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' | ||||
| CVE-2023-50125 | 1 Hozard | 1 Alarm System | 2024-11-21 | 5.9 Medium |
| A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. | ||||
| CVE-2023-4538 | 2024-11-21 | 6.2 Medium | ||
| The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||||
| CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-11-21 | 5.5 Medium |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows | ||||
| CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-11-21 | 5.5 Medium |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | ||||