ReportizFlow
Filtered by vendor
Subscriptions
Total
1364 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-11-21 | 5.5 Medium |
| Claws Mail vCalendar plugin: credentials exposed on interface | ||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-11-21 | 5.5 Medium |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | ||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-11-21 | 5.5 Medium |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | ||||
| CVE-2024-34882 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
| Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. | ||||
| CVE-2024-34883 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
| Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. | ||||
| CVE-2024-34887 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
| Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request. | ||||
| CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-05 | 4.9 Medium |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | ||||
| CVE-2024-20462 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 5.5 Medium |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users. | ||||
| CVE-2024-31800 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-10-30 | 6.8 Medium |
| Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | ||||
| CVE-2024-47161 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 4.3 Medium |
| In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | ||||
| CVE-2024-34542 | 1 Advantech | 2 Adam-5630, Adam-5630 Firmware | 2024-10-07 | 5.7 Medium |
| Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. | ||||
| CVE-2024-37187 | 1 Advantech | 2 Adam-5550, Adam-5550 Firmware | 2024-10-07 | 5.7 Medium |
| Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. | ||||
| CVE-2024-39278 | 1 Echostar | 2 Fusion, Hughes Wl3000 | 2024-10-04 | 4.2 Medium |
| Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data. | ||||
| CVE-2024-20489 | 1 Cisco | 1 Ios Xr | 2024-10-03 | 8.4 High |
| A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials. | ||||
| CVE-2024-3082 | 1 Proges | 3 Sensor Net Connect, Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-09-30 | 4.2 Medium |
| A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | ||||
| CVE-2024-40703 | 1 Ibm | 2 Cognos Analytics, Cognos Analytics Reports | 2024-09-27 | 5.5 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. | ||||
| CVE-2024-44815 | 2 Hathway, Skyworthdigital | 3 Skyworth Cm5100-511, Skyworth Cm5100-511 Firmware, Cm5100 Firmware | 2024-09-25 | 8 High |
| Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | ||||
| CVE-2024-47162 | 1 Jetbrains | 1 Youtrack | 2024-09-24 | 4.1 Medium |
| In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | ||||
| CVE-2024-8777 | 1 Syscomgo | 1 Omflow | 2024-09-20 | 7.5 High |
| OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials. | ||||