Filtered by CWE-522
Total 1104 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38282 1 Motorolasolutions 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 2024-08-02 N/A
Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system.
CVE-2024-38285 1 Motorolasolutions 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 2024-08-02 N/A
Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools.
CVE-2024-35192 2024-08-02 5.5 Medium
Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if the default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when scanning container images directly from a registry. This vulnerability is fixed in 0.51.2.
CVE-2024-34147 2024-08-02 4.3 Medium
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2024-33849 2024-08-02 6.5 Medium
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.
CVE-2024-33496 2024-08-02 6.3 Medium
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
CVE-2024-33497 2024-08-02 6.3 Medium
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.
CVE-2024-32238 1 H3c 1 Er8300g2-x 2024-08-02 9.8 Critical
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
CVE-2024-30119 1 Hcl Software 1 Dryice Optibot Reset Station 2024-08-02 3.7 Low
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.
CVE-2024-29941 2024-08-02 8.0 High
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption.
CVE-2024-28325 1 Asus 1 Rt-n12\+ B1 2024-08-02 6.1 Medium
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.
CVE-2024-28110 1 Redhat 2 Openshift, Openshift Serverless 2024-08-02 7.5 High
Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.
CVE-2024-27109 2024-08-02 7.6 High
Insufficiently protected credentials in GE HealthCare EchoPAC products
CVE-2024-24595 1 Clear 1 Clearml 2024-08-01 6 Medium
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
CVE-2024-23583 2024-08-01 6.7 Medium
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.
CVE-2024-23551 2024-08-01 6.5 Medium
Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.
CVE-2024-23306 2024-08-01 4.4 Medium
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-22345 2024-08-01 6.2 Medium
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192.
CVE-2024-22312 1 Ibm 1 Storage Defender Resiliency Service 2024-08-01 4.4 Medium
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
CVE-2024-21815 2024-08-01 9.1 Critical
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6),  all version of 8.60 and prior.