Filtered by vendor
Subscriptions
Total
1126 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29941 | 2024-11-21 | 8.0 High | ||
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. | ||||
CVE-2024-29216 | 2024-11-21 | 6.1 Medium | ||
Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware. | ||||
CVE-2024-29071 | 1 Kddi | 1 Hgw Bli500hm Firmware | 2024-11-21 | 8.8 High |
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings. | ||||
CVE-2024-28325 | 1 Asus | 1 Rt-n12\+ B1 | 2024-11-21 | 6.1 Medium |
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | ||||
CVE-2024-28110 | 1 Redhat | 2 Openshift, Openshift Serverless | 2024-11-21 | 7.5 High |
Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue. | ||||
CVE-2024-27109 | 2024-11-21 | 7.6 High | ||
Insufficiently protected credentials in GE HealthCare EchoPAC products | ||||
CVE-2024-26330 | 2024-11-21 | 6.5 Medium | ||
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it. | ||||
CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.4 Medium |
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | ||||
CVE-2024-24595 | 1 Clear | 1 Clearml | 2024-11-21 | 6 Medium |
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | ||||
CVE-2024-23583 | 2024-11-21 | 6.7 Medium | ||
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. | ||||
CVE-2024-23551 | 2024-11-21 | 6.5 Medium | ||
Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. | ||||
CVE-2024-23306 | 2024-11-21 | 4.4 Medium | ||
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
CVE-2024-22432 | 1 Dell | 1 Networker | 2024-11-21 | 7.8 High |
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | ||||
CVE-2024-22345 | 2024-11-21 | 6.2 Medium | ||
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. | ||||
CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | 4.4 Medium |
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||
CVE-2024-22266 | 2024-11-21 | 6.5 Medium | ||
VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. | ||||
CVE-2024-21869 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 6.2 Medium |
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | ||||
CVE-2024-21815 | 2024-11-21 | 9.1 Critical | ||
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior. | ||||
CVE-2023-6791 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.9 Medium |
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | ||||
CVE-2023-6573 | 1 Hp | 1 Oneview | 2024-11-21 | 5.5 Medium |
HPE OneView may have a missing passphrase during restore. |