Total
1070 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-31415 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-09-19 | 6.3 Medium |
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. | ||||
CVE-2024-47162 | 2024-09-19 | 4.1 Medium | ||
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | ||||
CVE-2023-32338 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-09-19 | 5.1 Medium |
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | ||||
CVE-2023-23370 | 1 Qnap | 1 Qvpn | 2024-09-19 | 6.7 Medium |
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later | ||||
CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2024-09-19 | 4.6 Medium |
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | ||||
CVE-2024-8986 | 2024-09-19 | 5.5 Medium | ||
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. | ||||
CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-09-18 | 6.5 Medium |
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | ||||
CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-09-18 | 6.5 Medium |
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | ||||
CVE-2023-27315 | 1 Netapp | 1 Snapgathers | 2024-09-18 | 6.5 Medium |
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials | ||||
CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-09-18 | 6.2 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | ||||
CVE-2024-39879 | 1 Jetbrains | 1 Teamcity | 2024-09-17 | 5 Medium |
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | ||||
CVE-2024-39878 | 1 Jetbrains | 1 Teamcity | 2024-09-17 | 4.1 Medium |
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | ||||
CVE-2023-46651 | 1 Jenkins | 1 Warnings | 2024-09-17 | 6.5 Medium |
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | ||||
CVE-2018-20441 | 1 Technicolor | 2 Tc7200.th2v2, Tc7200.th2v2 Firmware | 2024-09-17 | N/A |
Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | ||||
CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2024-09-17 | N/A |
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | ||||
CVE-2020-3391 | 1 Cisco | 1 Digital Network Architecture Center | 2024-09-17 | 6.5 Medium |
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. | ||||
CVE-2018-12260 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-09-17 | N/A |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices | ||||
CVE-2021-20410 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-09-17 | 5.3 Medium |
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190. | ||||
CVE-2022-34837 | 1 Abb | 1 Zenon | 2024-09-17 | 6.2 Medium |
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. | ||||
CVE-2017-8222 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2024-09-17 | N/A |
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. |