CWE:
 

Tytuł
Data
Autor
Low
Polar Flow Android 5.7.1 Secret Disclosure
20.08.2022
Karima Hebbal
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-09-30
Waiting for details
CVE-2024-8459

Updating...
 

 
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.

 
2024-09-26
Waiting for details
CVE-2024-7259

Updating...
 

 
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

 
2024-09-19
Waiting for details
CVE-2024-45862

Updating...
 

 
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.

 
2024-08-02
Waiting for details
CVE-2024-38877

Updating...
 

 
A vulnerability has been identified in Omnivise T3000 Application Server (All versions), Omnivise T3000 Domain Controller (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) (All versions), Omnivise T3000 Product Data Management (PDM) (All versions), Omnivise T3000 Security Server (All versions), Omnivise T3000 Terminal Server (All versions), Omnivise T3000 Thin Client (All versions), Omnivise T3000 Whitelisting Server (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.

 
2024-07-10
Waiting for details
CVE-2024-25023

Updating...
 

 
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.

 
2024-05-14
Waiting for details
CVE-2024-4840

Updating...
 

 
An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.

 
Waiting for details
CVE-2024-31486

Updating...
 

 
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss.

 
2024-04-26
Waiting for details
CVE-2024-4235

Updating...
 

 
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2024-04-19
Waiting for details
CVE-2023-37396

Updating...
 

 
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.

 
2024-04-18
Waiting for details
CVE-2024-3742

Updating...
 

 
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top