Total
1098 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36266 | 1 Keepersecurity | 2 Keeper, Keeperfill | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information). | |||||
| CVE-2023-36082 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | |||||
| CVE-2023-35348 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-11-21 | N/A | 6.5 MEDIUM |
| Active Directory Federation Service Security Feature Bypass Vulnerability | |||||
| CVE-2023-34128 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-33620 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2024-11-21 | N/A | 5.9 MEDIUM |
| GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | |||||
| CVE-2023-33264 | 1 Hazelcast | 1 Hazelcast | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | |||||
| CVE-2023-32687 | 1 Tgstation13 | 1 Tgstation-server | 2024-11-21 | N/A | 7.7 HIGH |
| tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety. | |||||
| CVE-2023-32338 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-11-21 | N/A | 5.1 MEDIUM |
| IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | |||||
| CVE-2023-32268 | 1 Microfocus | 1 Filr | 2024-11-21 | N/A | 7.2 HIGH |
| Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. | |||||
| CVE-2023-31824 | 1 Dericia | 1 Delicia | 2024-11-21 | N/A | 7.5 HIGH |
| An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function. | |||||
| CVE-2023-31492 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | N/A | 6.5 MEDIUM |
| Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | |||||
| CVE-2023-31187 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | N/A | 6.5 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | |||||
| CVE-2023-31136 | 1 Vapor | 1 Postgresnio | 2024-11-21 | N/A | 3.7 LOW |
| PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users. | |||||
| CVE-2023-30776 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 4.9 MEDIUM |
| An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1. | |||||
| CVE-2023-2881 | 1 Pimcore | 1 Customer-data-framework | 2024-11-21 | N/A | 4.9 MEDIUM |
| Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | |||||
| CVE-2023-2633 | 1 Jenkins | 1 Code Dx | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2023-2632 | 1 Jenkins | 1 Code Dx | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2023-2335 | 1 42gears | 1 Surelock | 2024-11-21 | N/A | 6.5 MEDIUM |
| Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0. | |||||
| CVE-2023-29447 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-11-21 | N/A | 5.7 MEDIUM |
| An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | |||||
| CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 3.7 LOW |
| The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | |||||