Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-44815 | Insufficiently Protected Credentials vulnerability in Hathway Skyworth Cm5100-511 Firmware 4.1.1.24 Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | 4.6 |
| 2024-09-05 | CVE-2024-39278 | Insufficiently Protected Credentials vulnerability in Echostar Fusion Credentials to access device configuration information stored unencrypted in flash memory. | 4.6 |
| 2024-08-15 | CVE-2024-40704 | Insufficiently Protected Credentials vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2 IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. | 4.9 |
| 2024-08-15 | CVE-2024-7813 | Insufficiently Protected Credentials vulnerability in Prison Management System Project Prison Management System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. | 7.5 |
| 2024-08-14 | CVE-2024-39818 | Insufficiently Protected Credentials vulnerability in Zoom products Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | 6.5 |
| 2024-08-12 | CVE-2024-36460 | Insufficiently Protected Credentials vulnerability in Zabbix The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | 8.1 |
| 2024-08-05 | CVE-2024-6118 | Insufficiently Protected Credentials vulnerability in Hamastar Meetinghub Paperless Meetings 2021 A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | 9.1 |
| 2024-07-31 | CVE-2024-3082 | Insufficiently Protected Credentials vulnerability in Proges Sensor NET Connect Firmware V2 2.24 A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | 4.6 |
| 2024-07-01 | CVE-2024-39878 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | 5.3 |
| 2024-07-01 | CVE-2024-39879 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | 5.3 |