Total
1001 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32039 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 2.1 LOW | 5.5 MEDIUM |
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0 | |||||
CVE-2023-49106 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2024-01-23 | N/A | 7.5 HIGH |
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04. | |||||
CVE-2023-50125 | 1 Hozard | 1 Alarm System | 2024-01-19 | N/A | 5.9 MEDIUM |
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. | |||||
CVE-2023-29447 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-01-18 | N/A | 5.3 MEDIUM |
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | |||||
CVE-2022-45611 | 1 Fresenius-kabi | 2 Pharmahelp, Pharmahelp Firmware | 2024-01-10 | N/A | 9.8 CRITICAL |
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | |||||
CVE-2023-6421 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-01-08 | N/A | 7.5 HIGH |
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. | |||||
CVE-2022-39820 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | N/A | 6.5 MEDIUM |
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | |||||
CVE-2021-1731 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
PFX Encryption Security Feature Bypass Vulnerability | |||||
CVE-2019-10206 | 3 Debian, Opensuse, Redhat | 4 Debian Linux, Backports Sle, Leap and 1 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. | |||||
CVE-2021-42306 | 1 Microsoft | 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more | 2023-12-28 | 4.0 MEDIUM | 8.1 HIGH |
<p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href="https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0">keyCredential</a> on an Azure AD <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals">Application or Service Principal</a> (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.</p> <p>Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application.</p> <p>Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.</p> <p>For more details on this issue, please refer to the <a href="https://aka.ms/CVE-2021-42306-AAD">MSRC Blog Entry</a>.</p> | |||||
CVE-2023-47741 | 1 Ibm | 2 Db2 Mirror For I, I | 2023-12-22 | N/A | 5.3 MEDIUM |
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. | |||||
CVE-2022-27216 | 1 Jenkins | 1 Dbcharts | 2023-12-22 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2023-12-22 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-27217 | 1 Jenkins | 1 Vmware Vrealize Codestream | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2023-12-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2021-25284 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2023-12-21 | 1.9 LOW | 4.4 MEDIUM |
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. | |||||
CVE-2023-6791 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-18 | N/A | 4.9 MEDIUM |
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | |||||
CVE-2023-50770 | 1 Jenkins | 1 Openid | 2023-12-18 | N/A | 6.7 MEDIUM |
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | |||||
CVE-2023-47577 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2023-12-18 | N/A | 9.8 CRITICAL |
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. |