Total
984 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-09-18 | N/A | 5.5 MEDIUM |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | |||||
CVE-2024-39879 | 1 Jetbrains | 1 Teamcity | 2024-09-17 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | |||||
CVE-2024-39878 | 1 Jetbrains | 1 Teamcity | 2024-09-17 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | |||||
CVE-2021-32039 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 2.1 LOW | 5.5 MEDIUM |
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0 | |||||
CVE-2024-31415 | 2024-09-14 | N/A | 6.3 MEDIUM | ||
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. | |||||
CVE-2024-28981 | 2024-09-12 | N/A | 8.5 HIGH | ||
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | |||||
CVE-2023-43905 | 1 Writercms | 1 Writercms | 2024-09-11 | N/A | 7.5 HIGH |
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. | |||||
CVE-2024-39818 | 1 Zoom | 4 Rooms, Workplace, Workplace Desktop and 1 more | 2024-09-11 | N/A | 6.5 MEDIUM |
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | |||||
CVE-2019-14929 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-09-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service. | |||||
CVE-2024-40710 | 2024-09-09 | N/A | 8.8 HIGH | ||
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | |||||
CVE-2024-39278 | 2024-09-06 | N/A | 4.2 MEDIUM | ||
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data. | |||||
CVE-2024-6118 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | N/A | 9.1 CRITICAL |
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | |||||
CVE-2024-36081 | 2024-08-26 | N/A | 9.8 CRITICAL | ||
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network. | |||||
CVE-2024-38505 | 1 Jetbrains | 1 Youtrack | 2024-08-23 | N/A | 7.5 HIGH |
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | |||||
CVE-2024-7813 | 1 Prison Management System Project | 1 Prison Management System | 2024-08-19 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-40704 | 1 Ibm | 1 Infosphere Information Server | 2024-08-15 | N/A | 4.9 MEDIUM |
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. | |||||
CVE-2024-3082 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-08-12 | N/A | 4.6 MEDIUM |
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext. | |||||
CVE-2019-16572 | 1 Jenkins | 1 Weibo | 2024-08-09 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-08-07 | N/A | 4.4 MEDIUM |
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | |||||
CVE-2024-35208 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-06 | N/A | 5.5 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. |