Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2024-11-12 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | |||||
| CVE-2024-20388 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2024-11-05 | N/A | 5.3 MEDIUM |
| A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset. | |||||
| CVE-2024-1287 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
| The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes. | |||||
| CVE-2024-38897 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information. | |||||
| CVE-2024-38895 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information. | |||||
| CVE-2024-38892 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. | |||||
| CVE-2021-32743 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule. | |||||
| CVE-2021-1372 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system. | |||||