Vulnerabilities (CVE)

Filtered by CWE-202
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6400 1 Finrota 1 Finrota 2024-11-12 N/A 7.5 HIGH
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
CVE-2024-20388 1 Cisco 2 Firepower Management Center, Firepower Threat Defense 2024-11-05 N/A 5.3 MEDIUM
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.
CVE-2024-1287 2024-08-01 N/A 6.5 MEDIUM
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.
CVE-2024-38897 2024-07-03 N/A 5.3 MEDIUM
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVE-2024-38895 2024-07-03 N/A 5.3 MEDIUM
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
CVE-2024-38892 2024-07-03 N/A 6.5 MEDIUM
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVE-2023-0785 1 Best Online News Portal Project 1 Best Online News Portal 2024-05-17 2.6 LOW 3.7 LOW
A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability.
CVE-2021-32743 2 Debian, Icinga 2 Debian Linux, Icinga 2024-02-04 6.5 MEDIUM 8.8 HIGH
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.
CVE-2021-1372 1 Cisco 2 Webex Meetings, Webex Meetings Server 2024-02-04 2.1 LOW 5.5 MEDIUM
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.