Total: 1009 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-43631 | 1 Linuxfoundation | 1 Edge Virtualization Engine | 2023-12-10 | N/A | 8.8 HIGH |
On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | |||||
CVE-2023-3251 | 1 Tenable | 1 Nessus | 2023-12-10 | N/A | 4.9 MEDIUM |
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0. | |||||
CVE-2023-41010 | 1 Tianyisc | 2 Tewa-700g, Tewa-700g Firmware | 2023-12-10 | N/A | 5.5 MEDIUM |
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter. | |||||
CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2023-12-10 | N/A | 8.2 HIGH |
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | |||||
CVE-2020-17477 | 1 Univention | 1 Ucs@school | 2023-12-10 | N/A | 6.5 MEDIUM |
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash. | |||||
CVE-2023-43634 | 1 Lfedge | 1 Eve | 2023-12-10 | N/A | 8.8 HIGH |
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot; this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”. | |||||
CVE-2023-43905 | 1 Writercms | 1 Writercms | 2023-12-10 | N/A | 7.5 HIGH |
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. | |||||
CVE-2023-23370 | 1 Qnap | 1 Qvpn | 2023-12-10 | N/A | 4.4 MEDIUM |
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later. | |||||
CVE-2023-38328 | 1 Egroupware | 1 Egroupware | 2023-12-10 | N/A | 4.9 MEDIUM |
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password. | |||||
CVE-2023-20965 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-33263 | 1 Wftpd Project | 1 Wftpd | 2023-12-10 | N/A | 7.5 HIGH |
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. | |||||
CVE-2023-2881 | 1 Pimcore | 1 Customer-data-framework | 2023-12-10 | N/A | 4.9 MEDIUM |
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | |||||
CVE-2023-25686 | 1 Ibm | 1 Security Key Lifecycle Manager | 2023-12-10 | N/A | 5.5 MEDIUM |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. | |||||
CVE-2023-30776 | 1 Apache | 1 Superset | 2023-12-10 | N/A | 6.5 MEDIUM |
An authenticated user with specific data permissions could access the stored passwords of database connections by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1. | |||||
CVE-2020-18406 | 1 Cmseasy | 1 Cmseasy | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | |||||
CVE-2023-1574 | 1 Devolutions | 1 Remote Desktop Manager | 2023-12-10 | N/A | 6.5 MEDIUM |
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | |||||
CVE-2021-33589 | 1 Ribose | 1 Rnp | 2023-12-10 | N/A | 7.5 HIGH |
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | |||||
CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-10 | N/A | 8.8 HIGH |
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | |||||
CVE-2023-26204 | 1 Fortinet | 1 Fortisiem | 2023-12-10 | N/A | 9.8 CRITICAL |
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | |||||
CVE-2023-24506 | 1 Milesight | 2 Ncr/camera, Ncr/camera Firmware | 2023-12-10 | N/A | 7.5 HIGH |
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. | |||||