Total
932 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25532 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 7.5 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. | |||||
| CVE-2023-25531 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. | |||||
| CVE-2022-47561 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2023-09-22 | N/A | 5.5 MEDIUM |
| ** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. | |||||
| CVE-2023-41010 | 1 Tianyisc | 2 Tewa-700g, Tewa-700g Firmware | 2023-09-19 | N/A | 5.5 MEDIUM |
| Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter. | |||||
| CVE-2018-20396 | 1 Telaum | 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more | 2023-09-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2023-32338 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2023-09-08 | N/A | 5.5 MEDIUM |
| IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | |||||
| CVE-2023-3251 | 1 Tenable | 1 Nessus | 2023-09-01 | N/A | 4.9 MEDIUM |
| A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0. | |||||
| CVE-2022-45611 | 1 Fresenius-kabi | 2 Pharmahelp, Pharmahelp Firmware | 2023-08-30 | N/A | 9.8 CRITICAL |
| An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | |||||
| CVE-2023-20965 | 1 Google | 1 Android | 2023-08-24 | N/A | 9.8 CRITICAL |
| In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40173 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-23 | N/A | 7.5 HIGH |
| Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-31492 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-08-23 | N/A | 6.5 MEDIUM |
| Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | |||||
| CVE-2023-40345 | 1 Jenkins | 1 Delphix | 2023-08-18 | N/A | 6.5 MEDIUM |
| Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | |||||
| CVE-2023-40347 | 1 Jenkins | 1 Maven Artifact Choicelistprovider \(nexus\) | 2023-08-18 | N/A | 6.5 MEDIUM |
| Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
| CVE-2023-36082 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | |||||
| CVE-2021-39045 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-08-08 | N/A | 5.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. | |||||
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | |||||
| CVE-2022-30587 | 1 Gradle | 1 Gradle Enterprise | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | |||||
| CVE-2022-1413 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface | |||||
| CVE-2021-45097 | 1 Knime | 1 Knime Server | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | |||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | |||||