Total: 1029 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-40173 | | | 2024-02-05 | N/A | 7.5 HIGH | Social media skeleton is an incomplete/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to the hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-45611 | 1 Fresenius-kabi | 2 Pharmahelp, Pharmahelp Firmware | 2024-02-05 | N/A | 9.8 CRITICAL | An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 that allows attackers to gain escalated privileges via capture of user login information.
CVE-2023-40347 | 1 Jenkins | 1 Maven Artifact ChoiceListProvider (Nexus) | 2024-02-05 | N/A | 6.5 MEDIUM | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
CVE-2023-37951 | 1 Jenkins | 1 Mabl | 2024-02-05 | N/A | 6.5 MEDIUM | Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
CVE-2023-26204 | 1 Fortinet | 1 Fortisiem | 2024-02-04 | N/A | 9.8 CRITICAL | A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 5.4 and 5.3 (all versions of each) may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.
CVE-2023-2632 | 1 Jenkins | 1 Code Dx | 2024-02-04 | N/A | 4.3 MEDIUM | Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2023-25407 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2024-02-04 | N/A | 7.2 HIGH | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control: restricted users have read access to administrator credentials.
CVE-2023-31136 | 1 Vapor | 1 Postgresnio | 2024-02-04 | N/A | 5.9 MEDIUM | PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.
CVE-2023-1778 | 1 Gajshield | 2 Data Security Firewall, Data Security Firewall Firmware | 2024-02-04 | N/A | 9.8 CRITICAL | This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser with the default username/password via the web-based management interface and/or an exposed SSH port, and thereby execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change the default password to a new non-default password.
CVE-2023-32988 | 1 Jenkins | 1 Azure Vm Agents | 2024-02-04 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-33000 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-02-04 | N/A | 7.5 HIGH | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2024-02-04 | N/A | 7.5 HIGH | The local Vuforia web application does not support HTTPS, and federated credentials are passed via Basic authentication.
CVE-2020-18406 | 1 Cmseasy | 1 Cmseasy | 2024-02-04 | N/A | 7.5 HIGH | An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text because form data is not encrypted.
CVE-2023-25686 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | N/A | 5.5 MEDIUM | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plaintext, where they can be read by a local user. IBM X-Force ID: 247601.
CVE-2022-40685 | 1 Intel | 1 Data Center Manager | 2024-02-04 | N/A | 6.5 MEDIUM | Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.
CVE-2023-30776 | 1 Apache | 1 Superset | 2024-02-04 | N/A | 6.5 MEDIUM | An authenticated user with specific data permissions could access the stored passwords of database connections by requesting a specific REST API endpoint. This issue affects Apache Superset versions 1.3.0 up to 2.0.1.
CVE-2023-25495 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-02-04 | N/A | 4.9 MEDIUM | A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured.
CVE-2023-28084 | 2 Hp, Hpe | 2 Oneview, Oneview Global Dashboard | 2024-02-04 | N/A | 5.5 MEDIUM | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens.
CVE-2023-31187 | 1 Avaya | 1 Ix Workforce Engagement | 2024-02-04 | N/A | 6.5 MEDIUM | Avaya IX Workforce Engagement v15.2.7.1195 is affected by CWE-522: Insufficiently Protected Credentials.
CVE-2023-35789 | 1 Rabbitmq-c Project | 1 Rabbitmq-c | 2024-02-04 | N/A | 5.5 MEDIUM | An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing processes and their arguments.
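The first entry above (CVE-2023-40173) is a textbook case of the weakness that makes a leaked hash dump crackable: without a per-user salt, every account that chose the same password stores the same digest, and a single precomputed lookup table breaks all of them at once. The following Python is an added example written for this page, not code from Social media skeleton or any other project listed; the user records and the short wordlist are constructed sample data, and the PBKDF2 iteration count is an assumed cost setting, not a value any listed vendor uses. It puts the unsalted scheme next to a salted, iterated one and counts how much work an attacker has to do against each.

```python
"""Unsalted vs. salted password storage (added example, not from any
project in the CVE list above). Sample users and wordlist are constructed."""
import hashlib
import hmac
import os
from typing import Optional

# Assumed cost parameter for the hardened scheme; tune to your CPU budget.
PBKDF2_ITERATIONS = 600_000

# Constructed attacker wordlist of common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "hunter2"]


# --- Weak scheme (the pattern CVE-2023-40173 describes): no salt ---------
def hash_unsalted(password: str) -> str:
    """Plain SHA-256 of the password: same password -> same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


# --- Hardened scheme: random per-user salt + iterated PBKDF2-HMAC-SHA256 --
def hash_salted(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iters>$<salt>$<digest>."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt per record, stored alongside it
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Re-derive with the stored salt/iterations; constant-time compare."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# --- Attacker side ---------------------------------------------------------
def build_lookup_table(wordlist):
    """Hash each candidate once; the table is reusable against every
    unsalted dump ever leaked, so its cost amortises to zero."""
    return {hash_unsalted(p): p for p in wordlist}


def crack_unsalted(dump, table):
    """dump: {user: unsalted_hex}. A dict lookup per user, no hashing."""
    return {user: table[h] for user, h in dump.items() if h in table}


def crack_salted(dump, wordlist):
    """dump: {user: salted_record}. Nothing is shared between accounts:
    each candidate must be re-derived per user. Returns (hits, attempts)."""
    found, attempts = {}, 0
    for user, record in dump.items():
        for candidate in wordlist:
            attempts += 1
            if verify_salted(candidate, record):
                found[user] = candidate
                break
    return found, attempts


def demo(iterations: int = PBKDF2_ITERATIONS):
    # Constructed sample accounts; alice and carol reuse the same password.
    users = {"alice": "password", "bob": "hunter2",
             "carol": "password", "dave": "Tr0ub4dor&3"}
    unsalted_dump = {u: hash_unsalted(p) for u, p in users.items()}
    salted_dump = {u: hash_salted(p, iterations=iterations)
                   for u, p in users.items()}
    table = build_lookup_table(COMMON_PASSWORDS)
    hits_salted, attempts = crack_salted(salted_dump, COMMON_PASSWORDS)
    return {
        # Unsalted: reused passwords are visible as identical digests.
        "same_unsalted_digest": unsalted_dump["alice"] == unsalted_dump["carol"],
        # Salted: identical passwords still get distinct records.
        "same_salted_digest": salted_dump["alice"] == salted_dump["carol"],
        "cracked_unsalted": crack_unsalted(unsalted_dump, table),
        "table_hashes": len(table),          # 5 hashes, reusable forever
        "cracked_salted": hits_salted,        # weak passwords still fall...
        "salted_attempts": attempts,          # ...but each costs a PBKDF2 run
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things to take from the output: the weak accounts are cracked under both schemes (salting is not a substitute for rejecting common passwords), but the unsalted dump falls to a five-entry table that was computed once and reveals the alice/carol reuse for free, whereas the salted dump forces 14 separate slow derivations with nothing to precompute. The `verify_salted` helper also shows the other half of correct storage: the salt and cost live in the record, and comparison is constant-time.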