Total
180 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3624 | 2024-11-21 | N/A | 7.3 HIGH | ||
| A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database. | |||||
| CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | |||||
| CVE-2024-39220 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request. | |||||
| CVE-2024-36081 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network. | |||||
| CVE-2024-28736 | 2024-11-21 | N/A | 7.1 HIGH | ||
| An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function. | |||||
| CVE-2024-28325 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | |||||
| CVE-2024-27166 | 2024-11-21 | N/A | 7.4 HIGH | ||
| Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-25138 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. | |||||
| CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | N/A | 4.4 MEDIUM |
| IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | |||||
| CVE-2024-22432 | 1 Dell | 1 Networker | 2024-11-21 | N/A | 7.8 HIGH |
| Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | |||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | N/A | 4.4 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | |||||
| CVE-2024-21869 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 6.2 MEDIUM |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | |||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2024-11-21 | N/A | 7.5 HIGH |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7. | |||||
| CVE-2023-4984 | 1 Didiglobal | 1 Knowsearch | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795. | |||||
| CVE-2023-4918 | 1 Redhat | 1 Keycloak | 2024-11-21 | N/A | 8.8 HIGH |
| A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. | |||||
| CVE-2023-4400 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2024-11-21 | N/A | 6.2 MEDIUM |
| A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files. | |||||
| CVE-2023-48700 | 1 Nautobot | 1 Nautobot-plugin-device-onboarding | 2024-11-21 | N/A | 5.7 MEDIUM |
| The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials. | |||||
| CVE-2023-44300 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2023-43777 | 1 Eaton | 1 Easysoft | 2024-11-21 | N/A | 5.9 MEDIUM |
| Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. | |||||
| CVE-2023-42493 | 1 Busbaer | 1 Eisbaer Scada | 2024-11-21 | N/A | 7.1 HIGH |
| EisBaer Scada - CWE-256: Plaintext Storage of a Password | |||||