Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6694 | 2024-07-22 | N/A | 2.7 LOW | ||
| The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment. | |||||
| CVE-2023-42955 | 2024-07-03 | N/A | 6.1 MEDIUM | ||
| Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket. | |||||
| CVE-2024-32756 | 2024-07-02 | N/A | 6.8 MEDIUM | ||
| Under certain circumstances the Linux users credentials may be recovered by an authenticated user. | |||||
| CVE-2024-32932 | 2024-07-02 | N/A | 6.8 MEDIUM | ||
| Under certain circumstances the web interface users credentials may be recovered by an authenticated user. | |||||
| CVE-2023-23382 | 1 Microsoft | 1 Azure Machine Learning | 2024-05-29 | N/A | 6.5 MEDIUM |
| Azure Machine Learning Compute Instance Information Disclosure Vulnerability | |||||
| CVE-2023-21726 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2024-05-29 | N/A | 7.8 HIGH |
| Windows Credential Manager User Interface Elevation of Privilege Vulnerability | |||||
| CVE-2024-32042 | 2024-05-16 | N/A | 4.9 MEDIUM | ||
| The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. | |||||
| CVE-2024-3543 | 2024-05-02 | N/A | 6.4 MEDIUM | ||
| Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. | |||||
| CVE-2024-1480 | 2024-04-22 | N/A | 7.5 HIGH | ||
| Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication. | |||||
| CVE-2023-38738 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2024-01-24 | N/A | 8.1 HIGH |
| IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | |||||
| CVE-2023-31001 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-01-18 | N/A | 5.5 MEDIUM |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. | |||||
| CVE-2023-5627 | 1 Moxa | 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. | |||||
| CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | |||||
| CVE-2023-2358 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2023-09-29 | N/A | 4.9 MEDIUM |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | |||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2023-06-24 | N/A | 7.3 HIGH |
| The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | |||||
| CVE-2023-2881 | 1 Pimcore | 1 Customer-data-framework | 2023-05-31 | N/A | 4.9 MEDIUM |
| Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | |||||
| CVE-2023-31150 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2023-05-17 | N/A | 6.5 MEDIUM |
| A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
| CVE-2019-19096 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 3.6 LOW | 6.1 MEDIUM |
| The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. | |||||
| CVE-2022-46142 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2023-03-14 | N/A | 5.7 MEDIUM |
| Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. | |||||
| CVE-2022-32519 | 1 Schneider-electric | 1 Data Center Expert | 2023-02-07 | N/A | 9.8 CRITICAL |
| A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||