Total: 491 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46388 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via the dpal_config.zml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication. | |||||
CVE-2023-46386 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via the registry.xml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication. | |||||
CVE-2023-46384 | 1 Loytec | 1 L-inx Configurator | 2023-12-14 | N/A | 7.5 HIGH |
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose the admin password and bypass authentication to log in to the Loytec device. | |||||
CVE-2023-47312 | 1 H-mdm | 1 Headwind Mdm | 2023-12-10 | N/A | 6.5 MEDIUM |
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries. | |||||
CVE-2023-48707 | 1 Codeigniter | 1 Shield | 2023-12-10 | N/A | 6.5 MEDIUM |
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-44037 | 1 Zpesystems | 1 Nodegrid Os | 2023-12-10 | N/A | 7.5 HIGH |
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component. | |||||
CVE-2023-44153 | 4 Acronis, Apple, Linux and 1 more | 4 Cyber Protect, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 7.5 HIGH |
Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
CVE-2023-3950 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 3.8 LOW |
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it. | |||||
CVE-2023-30367 | 1 Mremoteng | 1 Mremoteng | 2023-12-10 | N/A | 7.5 HIGH |
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | |||||
CVE-2023-44159 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-12-10 | N/A | 7.5 HIGH |
Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 7.5 HIGH |
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | |||||
CVE-2023-39144 | 1 Element55 | 1 Knowmore | 2023-12-10 | N/A | 7.5 HIGH |
Element55 KnowMore appliances version 21 and older were discovered to store passwords in plaintext. | |||||
CVE-2023-37468 | 1 Thm | 1 Feedbacksystem | 2023-12-10 | N/A | 5.5 MEDIUM |
Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP user's password is passed unencrypted in LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the CAS login are not affected. This issue has been patched in version 1.19.2. | |||||
CVE-2023-4400 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2023-12-10 | N/A | 6.5 MEDIUM |
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1 allows some authentication information stored in configuration files to be extracted through the SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files. | |||||
CVE-2023-32483 | 1 Dell | 1 Wyse Management Suite | 2023-12-10 | N/A | 4.4 MEDIUM |
Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files. | |||||
CVE-2023-2358 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2023-12-10 | N/A | 4.9 MEDIUM |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | |||||
CVE-2023-39379 | 1 Fujitsu | 1 Software Infrastructure Manager | 2023-12-10 | N/A | 7.5 HIGH |
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. | |||||
CVE-2023-36136 | 1 Phpjabbers | 1 Class Scheduling System | 2023-12-10 | N/A | 6.5 MEDIUM |
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page), allowing an attacker to capture all user names and passwords in clear text. | |||||
CVE-2023-46653 | 1 Jenkins | 1 Lambdatest-automation | 2023-12-10 | N/A | 6.5 MEDIUM |
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | |||||
CVE-2023-40715 | 1 Fortinet | 1 Fortitester | 2023-12-10 | N/A | 5.5 MEDIUM |
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device. |