Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27166 | 2024-06-14 | N/A | 7.4 HIGH | ||
| Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-25052 | 2024-06-13 | N/A | 4.4 MEDIUM | ||
| IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | |||||
| CVE-2024-26165 | 2024-06-11 | N/A | 8.8 HIGH | ||
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2024-4232 | 2024-06-05 | N/A | N/A | ||
| This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | |||||
| CVE-2023-4984 | 1 Didiglobal | 1 Knowsearch | 2024-05-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795. | |||||
| CVE-2023-39452 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-05-17 | N/A | 7.5 HIGH |
| The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. | |||||
| CVE-2022-47561 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-05-17 | N/A | 5.5 MEDIUM |
| The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. | |||||
| CVE-2024-4425 | 2024-05-14 | N/A | N/A | ||
| The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products. | |||||
| CVE-2024-28971 | 2024-05-08 | N/A | 3.5 LOW | ||
| Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2024-28961 | 2024-04-29 | N/A | 6.3 MEDIUM | ||
| Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-3625 | 2024-04-26 | N/A | 7.3 HIGH | ||
| A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance. | |||||
| CVE-2024-3623 | 2024-04-26 | N/A | 8.1 HIGH | ||
| A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database. | |||||
| CVE-2024-3624 | 2024-04-26 | N/A | 7.3 HIGH | ||
| A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database. | |||||
| CVE-2024-3622 | 2024-04-26 | N/A | 8.8 HIGH | ||
| A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance. | |||||
| CVE-2024-28782 | 2024-04-03 | N/A | 6.3 MEDIUM | ||
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | |||||
| CVE-2024-25138 | 2024-03-27 | N/A | 6.5 MEDIUM | ||
| In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. | |||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2024-03-21 | N/A | 7.5 HIGH |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7. | |||||
| CVE-2024-26133 | 2024-02-22 | N/A | 5.5 MEDIUM | ||
| EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied. | |||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-02-15 | N/A | 5.5 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | |||||
| CVE-2024-21869 | 1 Rapidscada | 1 Rapid Scada | 2024-02-07 | N/A | 5.5 MEDIUM |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | |||||