Total
1151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40347 | 1 Jenkins | 1 Maven Artifact Choicelistprovider \(nexus\) | 2024-11-21 | N/A | 6.5 MEDIUM |
| Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
| CVE-2023-40345 | 1 Jenkins | 1 Delphix | 2024-11-21 | N/A | 6.5 MEDIUM |
| Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | |||||
| CVE-2023-40173 | 1 Fobybus | 1 Social-media-skeleton | 2024-11-21 | N/A | 7.5 HIGH |
| Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-3251 | 1 Tenable | 1 Nessus | 2024-11-21 | N/A | 4.1 MEDIUM |
| A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0. | |||||
| CVE-2023-38328 | 1 Egroupware | 1 Egroupware | 2024-11-21 | N/A | 4.9 MEDIUM |
| An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password. | |||||
| CVE-2023-37951 | 1 Jenkins | 1 Mabl | 2024-11-21 | N/A | 6.5 MEDIUM |
| Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
| CVE-2023-36476 | 1 Nixos | 1 Calamares-nixos-extensions | 2024-11-21 | N/A | 7.9 HIGH |
| calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves. | |||||
| CVE-2023-36266 | 1 Keepersecurity | 2 Keeper, Keeperfill | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information). | |||||
| CVE-2023-36082 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | |||||
| CVE-2023-35348 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-11-21 | N/A | 6.5 MEDIUM |
| Active Directory Federation Service Security Feature Bypass Vulnerability | |||||
| CVE-2023-35067 | 1 Infodrom | 1 E-invoice Approval System | 2024-11-21 | N/A | 7.5 HIGH |
| Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701. | |||||
| CVE-2023-34128 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-33620 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2024-11-21 | N/A | 5.9 MEDIUM |
| GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | |||||
| CVE-2023-33264 | 1 Hazelcast | 1 Hazelcast | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | |||||
| CVE-2023-32687 | 1 Tgstation13 | 1 Tgstation-server | 2024-11-21 | N/A | 7.7 HIGH |
| tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety. | |||||
| CVE-2023-32338 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-11-21 | N/A | 5.1 MEDIUM |
| IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | |||||
| CVE-2023-32280 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access. | |||||
| CVE-2023-32268 | 1 Microfocus | 1 Filr | 2024-11-21 | N/A | 7.2 HIGH |
| Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. | |||||
| CVE-2023-31824 | 1 Dericia | 1 Delicia | 2024-11-21 | N/A | 7.5 HIGH |
| An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function. | |||||
| CVE-2023-31492 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | N/A | 6.5 MEDIUM |
| Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | |||||