CWE-319 vulnerabilities

487 results
CVE-2024-25735 | CRITICAL | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /devi | EPSS 50.6%
CVE-2016-5649 | Netgear DGN2200 and DGND3700 disclose the administrator password | EPSS 27.2%
CVE-2021-39341 | HIGH | OptinMonster <= 2.6.4 Unprotected REST-API Endpoints | EPSS 23.3%
CVE-2022-43551 | HIGH | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be | EPSS 17.0%
CVE-2023-25437 | HIGH | An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive inf | EPSS 14.1%
CVE-2023-32784 | HIGH | In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or n | EPSS 4.7%
CVE-2021-22946 | HIGH | A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-req | EPSS 4.2%
CVE-2025-55976 | HIGH | Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local netw | EPSS 3.0%
CVE-2020-13528 | LOW | An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9 | EPSS 2.9%
CVE-2016-5638 | Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text | EPSS 2.8%
CVE-2023-46380 | HIGH | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change re | EPSS 2.5%
CVE-2020-25645 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is confi | EPSS 2.4%
CVE-2021-22923 | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, | EPSS 1.8%
CVE-2022-21829 | Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which c | EPSS 1.7%
CVE-2022-42916 | HIGH | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed t | EPSS 1.6%
CVE-2020-25178 | HIGH | Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information | EPSS 1.6%
CVE-2019-10926 | A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data tr | EPSS 1.5%
CVE-2018-0025 | MEDIUM | Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication | EPSS 1.4%
CVE-2021-20992 | HIGH | Fibaro Home Center Unencrypted management interface | EPSS 1.4%
CVE-2024-38167 | MEDIUM | .NET and Visual Studio Information Disclosure Vulnerability | EPSS 1.3%