Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50945 | 3 Ibm, Linux, Microsoft | 4 Aix, Common Licensing, Linux Kernel and 1 more | 2025-03-11 | N/A | 6.2 MEDIUM |
| IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2024-41336 | 2025-02-28 | N/A | 7.5 HIGH | ||
| Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to store passwords in plaintext. | |||||
| CVE-2024-10334 | 2025-02-10 | N/A | 7.3 HIGH | ||
| A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X. | |||||
| CVE-2024-53292 | 1 Dell | 1 Vxrail Hyperconverged Infrastructure | 2025-02-04 | N/A | 7.2 HIGH |
| Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account. | |||||
| CVE-2024-26133 | 1 Kurrent | 1 Eventstoredb | 2025-02-04 | N/A | 5.5 MEDIUM |
| EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied. | |||||
| CVE-2024-28961 | 1 Dell | 1 Openmanage Enterprise | 2025-02-03 | N/A | 6.3 MEDIUM |
| Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-28971 | 1 Dell | 1 Openmanage Enterprise Update Manager | 2025-01-27 | N/A | 3.5 LOW |
| Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-21111 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
| Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-21102 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
| Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2024-43659 | 2025-01-09 | N/A | 7.2 HIGH | ||
| After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue affects Iocharger firmware for AC models before firmware version 25010801. The issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models. Likelihood: Moderate – The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using <redacted>.sh) to gain access to the <redacted>.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels. Impact: Critical – All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System → Custom page. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the "super user" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | |||||
| CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | N/A | 4.3 MEDIUM |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | |||||
| CVE-2024-26165 | 1 Microsoft | 1 Visual Studio Code | 2024-12-27 | N/A | 8.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2024-52361 | 2024-12-18 | N/A | 5.7 MEDIUM | ||
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | |||||
| CVE-2023-50956 | 2024-12-18 | N/A | 4.4 MEDIUM | ||
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | |||||
| CVE-2024-36460 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 8.1 HIGH |
| The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | |||||
| CVE-2024-11982 | 2024-11-29 | N/A | 7.2 HIGH | ||
| Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords. | |||||
| CVE-2024-36464 | 2024-11-27 | N/A | 2.7 LOW | ||
| When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords. | |||||
| CVE-2024-5960 | 1 Elizsoftware | 1 Panel | 2024-11-27 | N/A | 5.5 MEDIUM |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24. | |||||
| CVE-2024-29978 | 2024-11-26 | N/A | 5.9 MEDIUM | ||
| User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |||||
| CVE-2024-49351 | 2024-11-26 | N/A | 5.5 MEDIUM | ||
| IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. | |||||