18 matches found
EUVD-2024-2350
Malicious code in bioql PyPI...
CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
Credentials Exposure
Zowe CLI is vulnerable to a credentials exposure. The vulnerability is due to insecure storage of credentials in the Zowe CLI's auto-init operation, allowing attackers to access and potentially misuse sensitive information stored in a plaintext file...
GHSA-GHGQ-X6WC-6JR5 Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6833
CVE-2024-6833 affects Zowe CLI. A local, privileged attacker can exploit an auto-init operation to cause credentials entered by a user to be written to a plaintext file, exposing sensitive information. The vulnerability is described as a credentials exposure via insecure storage in the auto-init ...
PT-2024-37892 · Zowe Cli · Zowe Cli
Name of the Vulnerable Software and Affected Versions: Zowe CLI affected versions not specified Description: A local, privileged actor can store previously entered secure credentials in a plaintext file as part of an auto-init operation. Recommendations: At the moment, there is no information abo...
CVE-2023-35765
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials...
Command injection
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials...
CVE-2023-35765
The CVE-2023-35765 issue affects PiiGAB M-Bus (notably the M-Bus SoftwarePack 900S). The root cause is plaintext storage of credentials, which could allow a low-privilege user to obtain admin credentials. Public sources at NVD/CVE and the ICS advisory describe the impact as enabling credential ex...
CVE-2023-22389
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–Backup Settings, which could be read by any user accessing the file...
USN-5709-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2022-42927, CVE-2022-42928,...
Mozilla Firefox Security Advisory (MFSA2022-44) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2021-0212 Contrail Networking: Administrator credentials are exposed in a plaintext file
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail...
CVE-2002-1449
eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt...
CA BrightStor ARCserve Backup Agent Credential Disclosure
The remote host has an accessible ARCSERVE$ share. Several versions of ARCserve store the backup agent username and password in a plaintext file on this share. An attacker may use this flaw to obtain the password file of the remote backup agent, and use it to gain privileges on this host. C Tenab...
Plaintext password in Shiva
The file $SHIVAHOMEDIR/insnmgmt/shivaaccessmanager/radtac.ini, which is open for reading, contains the password of the LDAP root structure in plaintext...
CVE-2000-0434
The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers...