Total
1098 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Claws Mail vCalendar plugin: credentials exposed on interface | |||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | |||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | |||||
| CVE-2021-1232 | 2024-11-18 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2022-45157 | 2024-11-13 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments. | |||||
| CVE-2024-47588 | 2024-11-12 | N/A | 4.7 MEDIUM | ||
| In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. | |||||
| CVE-2024-51240 | 2024-11-06 | N/A | 8.0 HIGH | ||
| An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package | |||||
| CVE-2024-34882 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-06 | N/A | 4.9 MEDIUM |
| Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. | |||||
| CVE-2024-34883 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-06 | N/A | 4.9 MEDIUM |
| Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. | |||||
| CVE-2024-34887 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-06 | N/A | 4.9 MEDIUM |
| Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request. | |||||
| CVE-2024-34885 | 2024-11-05 | N/A | 6.8 MEDIUM | ||
| Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request. | |||||
| CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-05 | N/A | 7.5 HIGH |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | |||||
| CVE-2024-20462 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | N/A | 5.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users. | |||||
| CVE-2024-31800 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-10-30 | N/A | 6.8 MEDIUM |
| Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | |||||
| CVE-2023-49233 | 2024-10-24 | N/A | 8.8 HIGH | ||
| Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level. | |||||
| CVE-2024-43812 | 2024-10-23 | N/A | 8.4 HIGH | ||
| Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system. | |||||
| CVE-2024-44000 | 1 Litespeedtech | 1 Litespeed Cache | 2024-10-23 | N/A | 9.8 CRITICAL |
| Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. | |||||
| CVE-2024-7755 | 2024-10-18 | N/A | 8.2 HIGH | ||
| The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials. | |||||
| CVE-2024-49396 | 2024-10-18 | N/A | N/A | ||
| The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. | |||||
| CVE-2024-47161 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | |||||