Total
1110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | N/A | 4.3 MEDIUM |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | |||||
| CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | N/A | 4.4 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | |||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2025-01-03 | N/A | 7.3 HIGH |
| The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | |||||
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | |||||
| CVE-2020-9250 | 2024-12-20 | N/A | 3.3 LOW | ||
| There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250. | |||||
| CVE-2023-37400 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | N/A | 7.8 HIGH |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. | |||||
| CVE-2019-17082 | 2024-12-17 | N/A | N/A | ||
| Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1. | |||||
| CVE-2023-41677 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-12-12 | N/A | 7.5 HIGH |
| A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack | |||||
| CVE-2023-27975 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-12-11 | N/A | 7.1 HIGH |
| CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | |||||
| CVE-2023-48010 | 2024-12-11 | N/A | 9.8 CRITICAL | ||
| STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | |||||
| CVE-2024-50699 | 2024-12-11 | N/A | 8.0 HIGH | ||
| TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account. | |||||
| CVE-2024-46341 | 2024-12-11 | N/A | 8.0 HIGH | ||
| TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. | |||||
| CVE-2023-42955 | 1 Claris | 1 Filemaker Server | 2024-12-10 | N/A | 4.9 MEDIUM |
| Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket. | |||||
| CVE-2024-36460 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 8.1 HIGH |
| The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | |||||
| CVE-2024-53832 | 2024-12-10 | N/A | 4.6 MEDIUM | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. | |||||
| CVE-2024-9677 | 1 Zyxel | 6 Uos, Usg Flex 100h, Usg Flex 200h and 3 more | 2024-12-05 | N/A | 5.5 MEDIUM |
| The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out. | |||||
| CVE-2024-51545 | 2024-12-05 | N/A | 10.0 CRITICAL | ||
| Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2024-11856 | 2024-12-02 | N/A | 3.7 LOW | ||
| A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. | |||||
| CVE-2019-17497 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2024-11-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. | |||||
| CVE-2021-1126 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. | |||||