Page 20 of 10786 results (0.047 seconds)

CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0

IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. IBM Workload Scheduler 9.5, 10.1 y 10.2 almacena las credenciales de usuario en texto plano que puede ser leído por un usuario local. • https://www.ibm.com/support/pages/node/7177061 • CWE-256: Plaintext Storage of a Password •

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

Improper control of framework service permissions with possibility of some sensitive device information leakage. • https://www.vivo.com/en/support/security-advisory-detail?id=11 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0

This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2. • https://access.redhat.com/errata/RHSA-2024:10175 https://access.redhat.com/errata/RHSA-2024:10176 https://access.redhat.com/errata/RHSA-2024:10177 https://access.redhat.com/errata/RHSA-2024:10178 https://access.redhat.com/security/cve/CVE-2024-10451 https://bugzilla.redhat.com/show_bug.cgi?id=2322096 • CWE-798: Use of Hard-coded Credentials •

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. • https://www.ibm.com/support/pages/node/7168703 https://www.ibm.com/support/pages/node/7176947 • CWE-613: Insufficient Session Expiration •

CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0

A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5570 • CWE-862: Missing Authorization •