Total
536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36790 | 2024-08-14 | N/A | 8.8 HIGH | ||
| Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. | |||||
| CVE-2024-38877 | 2024-08-13 | N/A | 8.2 HIGH | ||
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network. | |||||
| CVE-2024-29954 | 1 Broadcom | 1 Fabric Operating System | 2024-08-06 | N/A | 5.5 MEDIUM |
| A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | |||||
| CVE-2024-41691 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system. | |||||
| CVE-2024-41690 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | |||||
| CVE-2024-41689 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system. | |||||
| CVE-2024-41688 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | |||||
| CVE-2020-27986 | 1 Sonarsource | 1 Sonarqube | 2024-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it. | |||||
| CVE-2021-27549 | 1 Genymobile | 1 Genymotion Desktop | 2024-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen | |||||
| CVE-2021-26595 | 1 Rangerstudio | 1 Directus | 2024-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-22084 | 2024-08-03 | N/A | 7.5 HIGH | ||
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. | |||||
| CVE-2022-45868 | 1 H2database | 1 H2 | 2024-08-03 | N/A | 7.8 HIGH |
| The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220. | |||||
| CVE-2022-29620 | 1 Filezilla-project | 1 Filezilla Client | 2024-08-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability | |||||
| CVE-2023-24055 | 1 Keepass | 1 Keepass | 2024-08-02 | N/A | 5.5 MEDIUM |
| KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC. | |||||
| CVE-2024-28387 | 2024-08-01 | N/A | 7.5 HIGH | ||
| An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | |||||
| CVE-2024-31587 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
| SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. | |||||
| CVE-2020-11924 | 1 Wizconnected | 2 Colors A60, Colors A60 Firmware | 2024-07-30 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. | |||||
| CVE-2020-11923 | 1 Wizconnected | 1 Wiz | 2024-07-30 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. | |||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2024-07-26 | N/A | 6.5 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |||||
| CVE-2024-39674 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
| Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||