Export limit exceeded: 45304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8013 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43937 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.7 Medium |
| Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | ||||
| CVE-2022-43935 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.3 Medium |
| An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | ||||
| CVE-2022-43933 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 4.4 Medium |
| An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | ||||
| CVE-2024-22460 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2025-02-04 | 2.2 Low |
| Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | ||||
| CVE-2023-31043 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-02-04 | 7.5 High |
| EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0. | ||||
| CVE-2023-2250 | 1 Linuxfoundation | 1 Open Cluster Management | 2025-02-04 | 6.7 Medium |
| A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation. | ||||
| CVE-2023-28131 | 1 Expo | 1 Expo Software Development Kit | 2025-02-04 | 9.6 Critical |
| A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc). | ||||
| CVE-2024-53292 | 1 Dell | 1 Vxrail Hyperconverged Infrastructure | 2025-02-04 | 7.2 High |
| Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account. | ||||
| CVE-2024-52537 | 3 Dell, Linux, Microsoft | 5 Dock Hd22q Firmware Update Utility, Dock Wd19 Firmware Update Utility, Dock Wd22tb4 Firmware Update Utility and 2 more | 2025-02-04 | 6.3 Medium |
| Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2024-29955 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5 Medium |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||||
| CVE-2024-29957 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.5 High |
| When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||||
| CVE-2024-29958 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.5 High |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. | ||||
| CVE-2024-47480 | 1 Dell | 1 Inventory Collector | 2025-02-04 | 7.8 High |
| Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. | ||||
| CVE-2024-52542 | 1 Dell | 1 Appsync | 2025-02-04 | 4.4 Medium |
| Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. | ||||
| CVE-2024-29959 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 8.6 High |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. | ||||
| CVE-2025-0148 | 2025-02-04 | 2.6 Low | ||
| Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access. | ||||
| CVE-2024-10403 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | 7.5 High |
| Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | ||||
| CVE-2024-26133 | 1 Kurrent | 1 Eventstoredb | 2025-02-04 | 5.5 Medium |
| EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied. | ||||
| CVE-2024-28961 | 1 Dell | 1 Openmanage Enterprise | 2025-02-03 | 6.3 Medium |
| Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2023-28087 | 1 Hp | 1 Oneview | 2025-02-03 | 5.5 Medium |
| An HPE OneView appliance dump may expose OneView user accounts | ||||