Total
1210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22862 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2025-01-08 | 5.9 Medium |
| IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | ||||
| CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2025-01-08 | 4.6 Medium |
| The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | ||||
| CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | 4.3 Medium |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | ||||
| CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | 4.4 Medium |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | ||||
| CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2025-01-06 | 3.7 Low |
| The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | ||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2025-01-03 | 7.3 High |
| The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | ||||
| CVE-2023-33620 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2025-01-03 | 5.9 Medium |
| GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | ||||
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | 5.5 Medium |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | ||||
| CVE-2023-35348 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2025-01-01 | 6.5 Medium |
| Active Directory Federation Service Security Feature Bypass Vulnerability | ||||
| CVE-2018-20060 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Urllib3, Ansible Tower and 1 more | 2024-12-27 | N/A |
| urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | ||||
| CVE-2023-37400 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | 7.8 High |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. | ||||
| CVE-2019-17082 | 1 Opentext | 1 Accurev For Ldap Integration | 2024-12-17 | N/A |
| Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1. | ||||
| CVE-2023-41677 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-12-12 | 7.5 High |
| A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack | ||||
| CVE-2023-27975 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-12-11 | 7.1 High |
| CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | ||||
| CVE-2023-48010 | 2024-12-11 | 9.8 Critical | ||
| STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | ||||
| CVE-2023-42955 | 1 Claris | 1 Filemaker Server | 2024-12-10 | 4.9 Medium |
| Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket. | ||||
| CVE-2024-53832 | 2024-12-10 | 4.6 Medium | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. | ||||
| CVE-2024-36460 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 8.1 High |
| The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | ||||
| CVE-2024-9677 | 1 Zyxel | 12 Uos, Usg Flex 100h, Usg Flex 100h Firmware and 9 more | 2024-12-05 | 5.5 Medium |
| The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out. | ||||
| CVE-2024-51545 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 10 Critical |
| Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||