Total
1186 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7052 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | ||||
| CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2024-11-21 | 6.8 Medium |
| LastPass prior to 2.5.1 has an insecure PIN implementation. | ||||
| CVE-2013-4423 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 5.5 Medium |
| CloudForms stores user passwords in recoverable format | ||||
| CVE-2013-3620 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2024-11-21 | 7.5 High |
| Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | ||||
| CVE-2013-3313 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-11-21 | 7.5 High |
| The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311. | ||||
| CVE-2013-2672 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 7.5 High |
| Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | ||||
| CVE-2013-2106 | 2 Debian, Stanford | 2 Debian Linux, Webauth | 2024-11-21 | 7.5 High |
| webauth before 4.6.1 has authentication credential disclosure | ||||
| CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2024-11-21 | 7.5 High |
| General Electric D20ME devices are not properly configured and reveal plaintext passwords. | ||||
| CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-11-21 | 5.5 Medium |
| Claws Mail vCalendar plugin: credentials exposed on interface | ||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-11-21 | 5.5 Medium |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | ||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-11-21 | 5.5 Medium |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | ||||
| CVE-2021-1232 | 2024-11-18 | 6.5 Medium | ||
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2022-45157 | 2024-11-13 | 9.1 Critical | ||
| A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments. | ||||
| CVE-2024-47588 | 2024-11-12 | 4.7 Medium | ||
| In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. | ||||
| CVE-2024-51240 | 1 Openwrt | 1 Luci | 2024-11-06 | 8 High |
| An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package | ||||
| CVE-2024-34882 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
| Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. | ||||
| CVE-2024-34883 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
| Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. | ||||
| CVE-2024-34887 | 2 Bitrix, Bitrix24 | 2 Bitrix24, Bitrix24 | 2024-11-06 | 6.8 Medium |
| Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request. | ||||
| CVE-2024-34885 | 1 Bitrix | 1 Bitrix24 | 2024-11-05 | 6.8 Medium |
| Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request. | ||||