Total
146 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50945 | 3 Ibm, Linux, Microsoft | 4 Aix, Common Licensing, Linux Kernel and 1 more | 2025-03-11 | N/A | 6.2 MEDIUM |
| IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2024-53292 | 1 Dell | 1 Vxrail Hyperconverged Infrastructure | 2025-02-04 | N/A | 7.2 HIGH |
| Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account. | |||||
| CVE-2024-26133 | 1 Kurrent | 1 Eventstoredb | 2025-02-04 | N/A | 5.5 MEDIUM |
| EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied. | |||||
| CVE-2024-28961 | 1 Dell | 1 Openmanage Enterprise | 2025-02-03 | N/A | 6.3 MEDIUM |
| Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-28971 | 1 Dell | 1 Openmanage Enterprise Update Manager | 2025-01-27 | N/A | 3.5 LOW |
| Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-21111 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
| Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-21102 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
| Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | N/A | 4.3 MEDIUM |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | |||||
| CVE-2024-26165 | 1 Microsoft | 1 Visual Studio Code | 2024-12-27 | N/A | 8.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2024-37135 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2024-11-22 | N/A | 3.3 LOW |
| DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | |||||
| CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | N/A | 4.4 MEDIUM |
| IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | |||||
| CVE-2023-4984 | 1 Didiglobal | 1 Knowsearch | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795. | |||||
| CVE-2023-42493 | 1 Busbaer | 1 Eisbaer Scada | 2024-11-21 | N/A | 7.1 HIGH |
| EisBaer Scada - CWE-256: Plaintext Storage of a Password | |||||
| CVE-2023-39452 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. | |||||
| CVE-2023-39227 | 1 Softneta | 1 Meddream Pacs | 2024-11-21 | N/A | 6.1 MEDIUM |
| ?Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials. | |||||
| CVE-2023-35765 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. | |||||
| CVE-2023-22389 | 1 Snapav | 2 Wattbox Wb-300-ip-3, Wattbox Wb-300-ip-3 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
| Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file. | |||||
| CVE-2022-43958 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | N/A | 7.6 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users. | |||||
| CVE-2022-31044 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. | |||||