Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | 4.4 Medium |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | ||||
| CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2025-01-06 | 3.7 Low |
| The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | ||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2025-01-03 | 7.3 High |
| The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | ||||
| CVE-2023-33620 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2025-01-03 | 5.9 Medium |
| GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | ||||
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | 5.5 Medium |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | ||||
| CVE-2023-35348 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2025-01-01 | 6.5 Medium |
| Active Directory Federation Service Security Feature Bypass Vulnerability | ||||
| CVE-2018-20060 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Urllib3, Ansible Tower and 1 more | 2024-12-27 | N/A |
| urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | ||||
| CVE-2023-37400 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | 7.8 High |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. | ||||
| CVE-2019-17082 | 1 Opentext | 1 Accurev For Ldap Integration | 2024-12-17 | N/A |
| Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1. | ||||
| CVE-2023-41677 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-12-12 | 7.5 High |
| A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack | ||||
| CVE-2023-27975 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-12-11 | 7.1 High |
| CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | ||||
| CVE-2023-48010 | 2024-12-11 | 9.8 Critical | ||
| STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | ||||
| CVE-2023-42955 | 1 Claris | 1 Filemaker Server | 2024-12-10 | 4.9 Medium |
| Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket. | ||||
| CVE-2024-53832 | 2024-12-10 | 4.6 Medium | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. | ||||
| CVE-2024-36460 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 8.1 High |
| The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | ||||
| CVE-2024-9677 | 1 Zyxel | 12 Uos, Usg Flex 100h, Usg Flex 100h Firmware and 9 more | 2024-12-05 | 5.5 Medium |
| The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out. | ||||
| CVE-2024-51545 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 10 Critical |
| Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2020-18406 | 1 Cmseasy | 1 Cmseasy | 2024-12-04 | 7.5 High |
| An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | ||||
| CVE-2024-11856 | 2024-12-02 | 3.7 Low | ||
| A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. | ||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-11-29 | N/A |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | ||||