Total: 1286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.5 MEDIUM |
|
In JetBrains TeamCity before 2024.12, password field values were accessible to users with the view settings permission.
|
|||||
| CVE-2023-37400 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | N/A | 7.8 HIGH |
|
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.
|
|||||
| CVE-2019-17082 | | | 2024-12-17 | N/A | N/A |
|
Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system, the vulnerability could allow anyone who knows a valid AccuRev username to use the AccuRev client to log in and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.
|
|||||
| CVE-2023-41677 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-12-12 | N/A | 7.5 HIGH |
|
An insufficiently protected credentials vulnerability in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows an attacker to execute unauthorized code or commands via a targeted social engineering attack.
|
|||||
| CVE-2023-27975 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-12-11 | N/A | 7.1 HIGH |
|
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.
|
|||||
| CVE-2023-48010 | | | 2024-12-11 | N/A | 9.8 CRITICAL |
|
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.
|
|||||
| CVE-2023-42955 | 1 Claris | 1 Filemaker Server | 2024-12-10 | N/A | 4.9 MEDIUM |
|
Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.
|
|||||
| CVE-2024-9677 | 1 Zyxel | 6 Uos, Usg Flex 100h, Usg Flex 200h and 3 more | 2024-12-05 | N/A | 5.5 MEDIUM |
|
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a logged-in administrator. Note that this attack could be successful only if the administrator has not logged out.
|
|||||
| CVE-2024-51545 | | | 2024-12-05 | N/A | 10.0 CRITICAL |
|
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
|
|||||
| CVE-2024-11856 | | | 2024-12-02 | N/A | 3.7 LOW |
|
A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.
|
|||||
| CVE-2019-17497 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2024-11-27 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.
|
|||||
| CVE-2021-1126 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 2.1 LOW | 5.5 MEDIUM |
|
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the crede ...
|
|||||
| CVE-2024-6749 | | | 2024-11-26 | N/A | 6.3 MEDIUM |
|
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station Windows client. If Incident report is not being used with credentials configured, this flaw does not apply.
Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
|
|||||
| CVE-2024-47142 | | | 2024-11-22 | N/A | 5.5 MEDIUM |
|
AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations.
|
|||||
| CVE-2024-39290 | | | 2024-11-22 | N/A | 6.5 MEDIUM |
|
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book.
|
|||||
| CVE-2024-5176 | | | 2024-11-21 | N/A | N/A |
|
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials. This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.
|
|||||
| CVE-2024-39879 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.0 MEDIUM |
|
In JetBrains TeamCity before 2024.03.3, an application token could be exposed in EC2 Cloud Profile settings.
|
|||||
| CVE-2024-39878 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.1 MEDIUM |
|
In JetBrains TeamCity before 2024.03.3, a private key could be exposed via testing GitHub App Connection.
|
|||||
| CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-11-21 | N/A | 5.5 MEDIUM |
|
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.
|
|||||
| CVE-2024-38505 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A | 5.3 MEDIUM |
|
In JetBrains YouTrack before 2024.2.34646, a user access token was sent to the third-party site.
|
|||||
| CVE-2024-38453 | | | 2024-11-21 | N/A | 7.5 HIGH |
|
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024.
|
|||||
| CVE-2024-38285 | | | 2024-11-21 | N/A | N/A |
|
Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools.
|
|||||
| CVE-2024-38282 | | | 2024-11-21 | N/A | N/A |
|
Utilizing default credentials, an attacker is able to log in to the camera's operating system, which could allow changes to be made to the operations or shut down the camera, requiring a physical reboot of the system.
|
|||||
| CVE-2024-37051 | 1 Jetbrains | 13 Aqua, Clion, Datagrip and 10 more | 2024-11-21 | N/A | 9.3 CRITICAL |
|
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, ...
|
|||||
| CVE-2024-36127 | | | 2024-11-21 | N/A | 7.5 HIGH |
|
apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.
|
|||||
| CVE-2024-36081 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.
|
|||||
| CVE-2024-35208 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow an attacker in a privileged position to obtain access passwords.
|
|||||
| CVE-2024-35192 | | | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if ...
|
|||||
| CVE-2024-33849 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
|
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.
|
|||||
| CVE-2024-33497 | | | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating M ...
|
|||||
| CVE-2024-33496 | | | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating M ...
|
|||||
| CVE-2024-32238 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
|
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
|
|||||
| CVE-2024-30119 | | | 2024-11-21 | N/A | 3.7 LOW |
|
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection.
|
|||||
| CVE-2024-29941 | | | 2024-11-21 | N/A | 8.0 HIGH |
|
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption.
|
|||||
| CVE-2024-29216 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.
|
|||||
| CVE-2024-28325 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.
|
|||||
| CVE-2024-27109 | | | 2024-11-21 | N/A | 7.6 HIGH |
|
Insufficiently protected credentials in GE HealthCare EchoPAC products
|
|||||
| CVE-2024-26330 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it.
|
|||||
| CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | N/A | 4.4 MEDIUM |
|
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.
|
|||||
| CVE-2024-24595 | 1 Clear | 1 Clearml | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
|
|||||