Total: 1151 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17691 | 1 Contronics | 1 Homeputer Cl Studio Fur Homematic | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
CVE-2017-16718 | 1 Beckhoff | 1 Twincat | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user-configured routes that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key that could be extracted by an attacker. A precondition for exploiting this weakness is network access at the moment a route is added. | |||||
CVE-2017-16714 | 1 Iceqube | 2 Thermal Management Center, Thermal Management Center Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. | |||||
CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | |||||
CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | |||||
CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
An exploitable cleartext transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as admin. | |||||
CVE-2017-11510 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | |||||
CVE-2017-1000387 | 1 Jenkins | 1 Build-publisher | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | |||||
CVE-2017-0925 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | |||||
CVE-2016-9593 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems. | |||||
CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||||
CVE-2016-15014 | 1 Cesnet | 1 Theme-cesnet | 2024-11-21 | 1.7 LOW | 3.3 LOW |
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability. | |||||
CVE-2016-11029 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). | |||||
CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | |||||
CVE-2014-8938 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | |||||
CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | |||||
CVE-2014-5381 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Grand MA 300 allows a brute-force attack on the PIN. | |||||
CVE-2014-5093 | 1 Status2k | 1 Status2k | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Status2k does not remove the install directory allowing credential reset. | |||||
CVE-2014-4660 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | |||||
CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. |