Total
577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46386 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2024-09-20 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | |||||
| CVE-2023-46388 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2024-09-20 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | |||||
| CVE-2024-39732 | 1 Ibm | 1 Datacap | 2024-09-18 | N/A | 7.5 HIGH |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. | |||||
| CVE-2024-6921 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024. | |||||
| CVE-2020-3921 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2024-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | |||||
| CVE-2021-20407 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185. | |||||
| CVE-2022-47512 | 2 Microsoft, Solarwinds | 2 Windows, Solarwinds Platform | 2024-09-16 | N/A | 5.5 MEDIUM |
| Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected | |||||
| CVE-2023-5384 | 2 Infinispan, Redhat | 3 Infinispan, Data Grid, Jboss Data Grid | 2024-09-16 | N/A | 2.7 LOW |
| A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | |||||
| CVE-2021-22509 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 6.5 MEDIUM |
| A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 | |||||
| CVE-2024-41629 | 1 Ti | 1 Fusion Digital Power Designer | 2024-09-13 | N/A | 5.5 MEDIUM |
| An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials | |||||
| CVE-2024-45391 | 1 Tina | 1 Tina | 2024-09-12 | N/A | 7.5 HIGH |
| Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix. | |||||
| CVE-2024-33892 | 1 Hms-networks | 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more | 2024-09-03 | N/A | 7.5 HIGH |
| Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3 | |||||
| CVE-2024-32939 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 3.7 LOW |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server." | |||||
| CVE-2024-5916 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-20 | N/A | 4.4 MEDIUM |
| An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. | |||||
| CVE-2024-41691 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system. | |||||
| CVE-2024-41690 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | |||||
| CVE-2024-41689 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WPA/ WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/ WPS and gain access to the Wi-Fi network of the targeted system. | |||||
| CVE-2024-41688 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-08-05 | N/A | 4.6 MEDIUM |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | |||||
| CVE-2020-27986 | 1 Sonarsource | 1 Sonarqube | 2024-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it. | |||||
| CVE-2021-27549 | 1 Genymobile | 1 Genymotion Desktop | 2024-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen | |||||