Total
1029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6259 | 2024-02-21 | N/A | 7.1 HIGH | ||
| Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3. | |||||
| CVE-2023-50291 | 1 Apache | 1 Solr | 2024-02-15 | N/A | 7.5 HIGH |
| Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' | |||||
| CVE-2023-4538 | 2024-02-15 | N/A | 6.2 MEDIUM | ||
| The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | |||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-02-15 | N/A | 5.5 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | |||||
| CVE-2023-27975 | 2024-02-14 | N/A | 7.1 HIGH | ||
| CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | |||||
| CVE-2024-23306 | 2024-02-14 | N/A | 4.4 MEDIUM | ||
| A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2020-15483 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2024-02-14 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access. | |||||
| CVE-2023-32280 | 2024-02-14 | N/A | 5.3 MEDIUM | ||
| Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access. | |||||
| CVE-2020-15024 | 1 Avast | 1 Antivirus | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. | |||||
| CVE-2021-34204 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-02-14 | 7.2 HIGH | 6.8 MEDIUM |
| D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. | |||||
| CVE-2022-30018 | 1 Mobotix | 1 Mxcontrolcenter | 2024-02-13 | 6.5 MEDIUM | 8.8 HIGH |
| Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations. | |||||
| CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2024-02-13 | N/A | 5.5 MEDIUM |
| Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. | |||||
| CVE-2024-24595 | 1 Clear | 1 Clearml | 2024-02-13 | N/A | 7.1 HIGH |
| Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | |||||
| CVE-2022-35411 | 1 Rpc.py Project | 1 Rpc.py | 2024-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. | |||||
| CVE-2000-0944 | 1 Cgi | 1 Script Center News Update | 2024-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | |||||
| CVE-2007-0681 | 1 Extcalendar Project | 1 Extcalendar | 2024-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | |||||
| CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2024-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | |||||
| CVE-2024-21869 | 1 Rapidscada | 1 Rapid Scada | 2024-02-07 | N/A | 5.5 MEDIUM |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | |||||
| CVE-2022-4612 | 1 Clickstudios | 1 Passwordstate | 2024-02-05 | N/A | 6.5 MEDIUM |
| A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-16153 | 1 Apereo | 1 Opencast | 2024-02-05 | N/A | 7.5 HIGH |
| An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | |||||