Total
985 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22432 | 1 Dell | 1 Networker | 2024-02-28 | N/A | 6.5 MEDIUM |
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | |||||
CVE-2023-50125 | 1 Hozard | 1 Alarm System | 2024-02-28 | N/A | 5.9 MEDIUM |
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. | |||||
CVE-2022-39820 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-02-28 | N/A | 6.5 MEDIUM |
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | |||||
CVE-2023-44300 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2024-02-28 | N/A | 5.5 MEDIUM |
Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2023-47722 | 1 Ibm | 1 Api Connect | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. | |||||
CVE-2023-47741 | 1 Ibm | 2 Db2 Mirror For I, I | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. | |||||
CVE-2018-16153 | 1 Apereo | 1 Opencast | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | |||||
CVE-2023-6421 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-02-28 | N/A | 7.5 HIGH |
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. | |||||
CVE-2023-50291 | 1 Apache | 1 Solr | 2024-02-28 | N/A | 7.5 HIGH |
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' | |||||
CVE-2023-32268 | 1 Microfocus | 1 Filr | 2024-02-28 | N/A | 7.2 HIGH |
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. | |||||
CVE-2023-47577 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. | |||||
CVE-2023-27975 | 2024-02-28 | N/A | 7.1 HIGH | ||
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | |||||
CVE-2023-29055 | 1 Apache | 1 Kylin | 2024-02-28 | N/A | 7.5 HIGH |
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the containing credentials. To avoid this threat, users are recommended to * Always turn on HTTPS so that network payload is encrypted. * Avoid putting credentials in kylin.properties, or at least not in plain text. * Use network firewalls to protect the serverside such that it is not accessible to external attackers. * Upgrade to version Apache Kylin 4.0.4, which filters out the sensitive content that goes to the Server Config web interface. | |||||
CVE-2023-50770 | 1 Jenkins | 1 Openid | 2024-02-28 | N/A | 6.7 MEDIUM |
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | |||||
CVE-2023-6254 | 1 Otrs | 1 Otrs | 2024-02-28 | N/A | 7.5 HIGH |
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37. | |||||
CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | |||||
CVE-2024-24595 | 1 Clear | 1 Clearml | 2024-02-28 | N/A | 7.1 HIGH |
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | |||||
CVE-2023-49653 | 1 Jenkins | 1 Jira | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
CVE-2023-44303 | 1 Robware | 1 Rvtools | 2024-02-28 | N/A | 7.5 HIGH |
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. | |||||
CVE-2023-1633 | 2 Openstack, Redhat | 2 Barbican, Openstack Platform | 2024-02-28 | N/A | 5.5 MEDIUM |
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. |