Search Results (4509 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41689 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | 4.6 Medium |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext WPA/WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/WPS and gain access to the Wi-Fi network of the targeted system. | ||||
| CVE-2024-41688 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | 4.6 Medium |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to lack of encryption in storing of usernames and passwords within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | ||||
| CVE-2024-41687 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2024-11-21 | 7.5 High |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | ||||
| CVE-2024-41629 | 2 Texas Instruments, Ti | 2 Fusion Digital Power Designer, Fusion Digital Power Designer | 2024-11-21 | 6.6 Medium |
| An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials | ||||
| CVE-2024-39732 | 1 Ibm | 1 Datacap | 2024-11-21 | 4.1 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. | ||||
| CVE-2024-39674 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.2 Medium |
| Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-38280 | 2 Motorola, Motorolasolutions | 3 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware, Vigilant Fixed Lpr Coms Box | 2024-11-21 | 4.6 Medium |
| An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | ||||
| CVE-2024-37393 | 1 Securenvoy | 2 Mfa, Multi-factor Authentication Solutions | 2024-11-21 | 9.8 Critical |
| Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | ||||
| CVE-2024-37163 | 1 Opensourcelabs | 1 Skyscraper | 2024-11-21 | 6.4 Medium |
| SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0. | ||||
| CVE-2024-32946 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2024-11-21 | 5.9 Medium |
| A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks. | ||||
| CVE-2024-29954 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.9 Medium |
| A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | ||||
| CVE-2024-28024 | 2 Hitachi Energy, Hitachienergy | 4 Foxman-un, Unem, Foxman-un and 1 more | 2024-11-21 | 4.1 Medium |
| A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | ||||
| CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | 5.5 Medium |
| IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||
| CVE-2023-6874 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 7.5 High |
| Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | ||||
| CVE-2023-6250 | 1 Bestwebsoft | 1 Like & Share | 2024-11-21 | 7.5 High |
| The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag | ||||
| CVE-2023-6248 | 1 Digitalcomtech | 2 Syrus 4g Iot Telematics Gateway, Syrus 4g Iot Telematics Gateway Firmware | 2024-11-21 | 10 Critical |
| The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module (https://syrus.digitalcomtech.com/docs/ecu-1) * Immobilize the vehicle via the safe-immobilizer module (https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization) * Get live video through the connected video camera * Send audio messages to the driver (https://syrus.digitalcomtech.com/docs/system-tools#apx-tts) | ||||
| CVE-2023-6094 | 1 Moxa | 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. | ||||
| CVE-2023-5461 | 1 Deltaww | 1 Wplsoft | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5100 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | 5.9 Medium |
| Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | ||||
| CVE-2023-5035 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-11-21 | 3.1 Low |
| A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | ||||