Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2024-02-28 | N/A | 4.6 MEDIUM |
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | |||||
CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | N/A | 7.5 HIGH |
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | |||||
CVE-2023-1518 | 1 Cpplusworld | 1 Kvms Pro | 2024-02-28 | N/A | 7.5 HIGH |
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected. | |||||
CVE-2023-1778 | 1 Gajshield | 2 Data Security Firewall, Data Security Firewall Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser by using the default username/password via the web-based management interface and/or an exposed SSH port, thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | |||||
CVE-2022-45859 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-02-28 | N/A | 4.4 MEDIUM |
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | |||||
CVE-2023-33620 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2024-02-28 | N/A | 5.9 MEDIUM |
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | |||||
CVE-2021-33589 | 1 Ribose | 1 Rnp | 2024-02-28 | N/A | 7.5 HIGH |
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | |||||
CVE-2023-2881 | 1 Pimcore | 1 Customer-data-framework | 2024-02-28 | N/A | 4.9 MEDIUM |
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | |||||
CVE-2023-28089 | 1 Hp | 1 Oneview | 2024-02-28 | N/A | 7.1 HIGH |
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | |||||
CVE-2023-28764 | 1 Sap | 1 Businessobjects | 2024-02-28 | N/A | 5.9 MEDIUM |
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | |||||
CVE-2023-20046 | 1 Cisco | 6 Asr 5000, Asr 5500, Asr 5700 and 3 more | 2024-02-28 | N/A | 8.8 HIGH |
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability. | |||||
CVE-2023-26567 | 1 Sangoma | 1 Freepbx Linux 7 | 2024-02-28 | N/A | 8.1 HIGH |
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | |||||
CVE-2022-40685 | 1 Intel | 1 Data Center Manager | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | |||||
CVE-2020-18406 | 1 Cmseasy | 1 Cmseasy | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | |||||
CVE-2023-25495 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-02-28 | N/A | 4.9 MEDIUM |
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | |||||
CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2024-02-28 | N/A | 7.3 HIGH |
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | |||||
CVE-2023-2633 | 1 Jenkins | 1 Code Dx | 2024-02-28 | N/A | 4.3 MEDIUM |
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them. | |||||
CVE-2023-28090 | 1 Hp | 1 Oneview | 2024-02-28 | N/A | 5.5 MEDIUM |
An HPE OneView appliance dump may expose SNMPv3 read credentials | |||||
CVE-2023-24506 | 1 Milesight | 2 Ncr/camera, Ncr/camera Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. | |||||
CVE-2023-2335 | 1 42gears | 1 Surelock | 2024-02-28 | N/A | 7.5 HIGH |
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registry modules) allows retrieval of Admin user credentials. This issue affects surelock windows: from 2.3.12 through 2.40.0. |