Total
1272 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29992 | 1 Microsoft | 1 Azure Identity Library For .net | 2025-01-09 | N/A | 5.5 MEDIUM |
| Azure Identity Library for .NET Information Disclosure Vulnerability | |||||
| CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2025-01-08 | N/A | 4.6 MEDIUM |
| The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | |||||
| CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | N/A | 4.3 MEDIUM |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | |||||
| CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | N/A | 4.4 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | |||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2025-01-03 | N/A | 7.3 HIGH |
| The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | |||||
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | |||||
| CVE-2023-37400 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | N/A | 7.8 HIGH |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. | |||||
| CVE-2023-41677 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-12-12 | N/A | 7.5 HIGH |
| A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack | |||||
| CVE-2023-27975 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-12-11 | N/A | 7.1 HIGH |
| CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | |||||
| CVE-2023-42955 | 1 Claris | 1 Filemaker Server | 2024-12-10 | N/A | 4.9 MEDIUM |
| Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket. | |||||
| CVE-2024-9677 | 1 Zyxel | 6 Uos, Usg Flex 100h, Usg Flex 200h and 3 more | 2024-12-05 | N/A | 5.5 MEDIUM |
| The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out. | |||||
| CVE-2024-51545 | 2024-12-05 | N/A | 10.0 CRITICAL | ||
| Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2019-17497 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2024-11-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. | |||||
| CVE-2021-1126 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. | |||||
| CVE-2024-39879 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.0 MEDIUM |
| In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | |||||
| CVE-2024-39878 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.1 MEDIUM |
| In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | |||||
| CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | |||||
| CVE-2024-38505 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A | 5.3 MEDIUM |
| In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | |||||
| CVE-2024-37051 | 1 Jetbrains | 13 Aqua, Clion, Datagrip and 10 more | 2024-11-21 | N/A | 9.3 CRITICAL |
| GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 | |||||
| CVE-2024-35208 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. | |||||