152 matches found
CVE-2023-28090
An HPE OneView appliance dump may expose SNMPv3 read credentials...
Easy!Appointments uses hard-coded credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments 1.4.3 and prior. A patch is available and anticipated to be part of version 1.5.0...
Design/Logic Flaw
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert Versions prior to V7.9.0...
CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to...
CVE-2022-41653
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system...
CVE-2022-40242 MegaRAC Default Credentials Vulnerability
MegaRAC Default Credentials Vulnerability...
Code injection
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...
CVE-2021-36783
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
CVE-2021-36783 Rancher: Failure to properly sanitize credentials in cluster template answers
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
CVE-2022-34371
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise...
Design/Logic Flaw
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...
GHSA-CVH8-9J4X-5V4J Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with...
CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...
Schneider Electric Conext™ComBox 安全漏洞
The Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric France. A security vulnerability exists in the Schneider Electric Conext™ ComBox that stems from the presence of an insufficiently protected credentials vulnerability that could result i...
CVE-2021-33107
Insufficiently protected credentials in USB provisioning for IntelR AMT SDK before version 16.0.3, IntelR SCS before version 12.2 and IntelR MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure vi...
CVE-2022-22554
Dell EMC System Update, version 1.9.2 and earlier, contains an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially disclose user passwords. The affected component is the Dell EMC System Update application; the root cause is unprotected storage...
CVE-2022-22554
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords...
CVE-2021-41472
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters...
CVE-2022-0184
The CVE-2022-0184 issue affects KING JIM’s TEPRA PRO SR5900P and SR-R7900P label printers (SR5900P ≤1.080; SR-R7900P ≤1.030). The vulnerability is an insufficiently protected credentials flaw that could allow an attacker on an adjacent network to obtain credentials used to connect to the device’s...
CVE-2021-20826
Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...