Total
628 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-33470 | | | 2024-11-21 | 4.9 Medium |
An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2024-32474 | | | 2024-11-21 | 7.3 High |
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or more. | ||||
CVE-2024-31840 | 1 Italtel | 1 Embrace | 2024-11-21 | 6.5 Medium |
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user accesses the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | ||||
CVE-2024-31587 | 1 Secu | 1 Secustation Firmware | 2024-11-21 | 6.5 Medium |
SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. | ||||
CVE-2024-31486 | | | 2024-11-21 | 5.3 Medium |
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices store MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss. | ||||
CVE-2024-29956 | | | 2024-11-21 | 6.5 Medium |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. | ||||
CVE-2024-29954 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.9 Medium |
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | ||||
CVE-2024-29952 | | | 2024-11-21 | 5.5 Medium |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. | ||||
CVE-2024-28387 | | | 2024-11-21 | 7.5 High |
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | ||||
CVE-2024-28327 | 1 Asus | 1 Rt-n12+ B1 | 2024-11-21 | 8.4 High |
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. | ||||
CVE-2024-28024 | 2 Hitachi Energy, Hitachienergy | 4 Foxman-un, Unem, Foxman-un and 1 more | 2024-11-21 | 4.1 Medium |
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | ||||
CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | 5.5 Medium |
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||
CVE-2024-24488 | 1 Tendacn | 2 Cp3, Cp3 Firmware | 2024-11-21 | 5.5 Medium |
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | ||||
CVE-2024-24375 | | | 2024-11-21 | 7.5 High |
SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. | ||||
CVE-2024-22084 | | | 2024-11-21 | 7.5 High |
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. | ||||
CVE-2023-6874 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 7.5 High |
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | ||||
CVE-2023-6250 | 1 Bestwebsoft | 1 Like & Share | 2024-11-21 | 7.5 High |
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag | ||||
CVE-2023-51702 | 1 Apache | 2 Airflow, Airflow Cncf Kubernetes | 2024-11-21 | 6.5 Medium |
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. | ||||
CVE-2023-50957 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | 8 High |
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | ||||
CVE-2023-50777 | 1 Jenkins | 1 Paaslane Estimate | 2024-11-21 | 4.3 Medium |
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. |