Total
1180 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49396 | 1 Elvaco | 1 Cme3100 Firmware | 2024-10-18 | N/A |
| The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. | ||||
| CVE-2024-47161 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 4.3 Medium |
| In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | ||||
| CVE-2024-34542 | 1 Advantech | 2 Adam-5630, Adam-5630 Firmware | 2024-10-07 | 5.7 Medium |
| Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. | ||||
| CVE-2024-37187 | 1 Advantech | 2 Adam-5550, Adam-5550 Firmware | 2024-10-07 | 5.7 Medium |
| Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. | ||||
| CVE-2024-39278 | 1 Echostar | 2 Fusion, Hughes Wl3000 | 2024-10-04 | 4.2 Medium |
| Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data. | ||||
| CVE-2024-20489 | 1 Cisco | 1 Ios Xr | 2024-10-03 | 8.4 High |
| A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials. | ||||
| CVE-2024-3082 | 1 Proges | 3 Sensor Net Connect, Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-09-30 | 4.2 Medium |
| A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | ||||
| CVE-2024-40703 | 1 Ibm | 2 Cognos Analytics, Cognos Analytics Reports | 2024-09-27 | 5.5 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. | ||||
| CVE-2024-9014 | 1 Postgresql | 1 Pgadmin 4 | 2024-09-26 | 9.9 Critical |
| pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. | ||||
| CVE-2024-44815 | 2 Hathway, Skyworthdigital | 3 Skyworth Cm5100-511, Skyworth Cm5100-511 Firmware, Cm5100 Firmware | 2024-09-25 | 8 High |
| Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | ||||
| CVE-2024-47162 | 1 Jetbrains | 1 Youtrack | 2024-09-24 | 4.1 Medium |
| In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | ||||
| CVE-2024-8777 | 1 Syscomgo | 1 Omflow | 2024-09-20 | 7.5 High |
| OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials. | ||||
| CVE-2024-8986 | 2024-09-20 | 5.5 Medium | ||
| The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. | ||||
| CVE-2024-31415 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-09-19 | 6.3 Medium |
| The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. | ||||
| CVE-2024-28981 | 2024-09-12 | 8.5 High | ||
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | ||||
| CVE-2024-39818 | 1 Zoom | 6 Rooms, Vdi Windows Meeting Client, Workplace and 3 more | 2024-09-11 | 7.5 High |
| Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | ||||
| CVE-2024-40710 | 1 Veeam | 1 Backup \& Replication | 2024-09-09 | N/A |
| A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | ||||
| CVE-2024-6118 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | 9.1 Critical |
| A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | ||||
| CVE-2024-7813 | 2 Prison Management System Project, Sourcecodester | 2 Prison Management System, Prison Management System | 2024-08-19 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-40704 | 1 Ibm | 1 Infosphere Information Server | 2024-08-15 | 4.9 Medium |
| IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. | ||||