Filtered by vendor
Subscriptions
Total
1126 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2024-11-21 | N/A |
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | ||||
CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
CVE-2012-3268 | 2 Hp, Huawei | 675 0150a129, 0150a12a, 0150a12b and 672 more | 2024-11-21 | N/A |
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. | ||||
CVE-2012-3025 | 1 Tridium | 1 Niagara Ax | 2024-11-21 | N/A |
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-11-21 | 5.5 Medium |
MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | ||||
CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-11-21 | 5.5 Medium |
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | ||||
CVE-2007-0681 | 1 Extcalendar Project | 1 Extcalendar | 2024-11-21 | 9.8 Critical |
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | ||||
CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2024-11-21 | 9.8 Critical |
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | ||||
CVE-2000-0944 | 1 Cgi | 1 Script Center News Update | 2024-11-21 | 9.8 Critical |
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | ||||
CVE-1999-0013 | 1 Ssh | 1 Ssh | 2024-11-21 | 8.4 High |
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | ||||
CVE-2021-1232 | 2024-11-18 | 6.5 Medium | ||
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
CVE-2024-47805 | 1 Jenkins | 1 Credentials | 2024-11-13 | 7.5 High |
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. | ||||
CVE-2022-45157 | 2024-11-13 | 9.1 Critical | ||
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments. | ||||
CVE-2024-47588 | 2024-11-12 | 4.7 Medium | ||
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. | ||||
CVE-2024-51240 | 1 Openwrt | 1 Luci | 2024-11-06 | 8 High |
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package | ||||
CVE-2024-34882 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. | ||||
CVE-2024-34883 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. | ||||
CVE-2024-34887 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request. | ||||
CVE-2024-34885 | 1 Bitrix | 1 Bitrix24 | 2024-11-05 | 6.8 Medium |
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request. | ||||
CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-05 | 4.9 Medium |
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |