Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37135 | 2024-08-01 | N/A | 3.3 LOW | ||
| DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2024-39220 | 2024-07-09 | N/A | 6.5 MEDIUM | ||
| BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request. | |||||
| CVE-2024-27166 | 2024-07-04 | N/A | 7.4 HIGH | ||
| Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-4425 | 2024-07-03 | N/A | 5.4 MEDIUM | ||
| The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products. | |||||
| CVE-2024-4232 | 2024-07-03 | N/A | 4.1 MEDIUM | ||
| This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | |||||
| CVE-2024-28736 | 2024-07-03 | N/A | 7.1 HIGH | ||
| An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function. | |||||
| CVE-2024-28325 | 2024-07-03 | N/A | 6.1 MEDIUM | ||
| Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | |||||
| CVE-2022-0555 | 2024-07-03 | N/A | 8.4 HIGH | ||
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | |||||
| CVE-2024-26165 | 2024-06-11 | N/A | 8.8 HIGH | ||
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2023-4984 | 1 Didiglobal | 1 Knowsearch | 2024-05-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795. | |||||
| CVE-2024-28971 | 2024-05-08 | N/A | 3.5 LOW | ||
| Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2024-28961 | 2024-04-29 | N/A | 6.3 MEDIUM | ||
| Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-3625 | 2024-04-26 | N/A | 7.3 HIGH | ||
| A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance. | |||||
| CVE-2024-3624 | 2024-04-26 | N/A | 7.3 HIGH | ||
| A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database. | |||||
| CVE-2024-3622 | 2024-04-26 | N/A | 8.8 HIGH | ||
| A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance. | |||||
| CVE-2024-3623 | 2024-04-26 | N/A | 8.1 HIGH | ||
| A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database. | |||||
| CVE-2024-28782 | 2024-04-03 | N/A | 6.3 MEDIUM | ||
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | |||||
| CVE-2024-25138 | 2024-03-27 | N/A | 6.5 MEDIUM | ||
| In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. | |||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2024-03-21 | N/A | 7.5 HIGH |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7. | |||||
| CVE-2023-39227 | 1 Softneta | 1 Meddream Pacs | 2024-02-28 | N/A | 7.5 HIGH |
| ?Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials. | |||||