Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3192 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | |||||
| CVE-2018-20389 | 2 D-link, Dlink | 4 Dcm-604 Firmware, Dcm-704 Firmware, Dcm-604 and 1 more | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2023-04-01 | N/A | 7.5 HIGH |
| In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | |||||
| CVE-2019-11092 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-03-24 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-36783 | 1 Suse | 1 Rancher | 2023-03-23 | N/A | 9.9 CRITICAL |
| A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. | |||||
| CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2023-03-22 | 7.8 HIGH | N/A |
| Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | |||||
| CVE-2012-3025 | 1 Tridium | 1 Niagara Ax | 2023-03-22 | 5.0 MEDIUM | N/A |
| The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-03-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
| CVE-2022-41614 | 1 Intel | 1 On Event Series | 2023-03-07 | N/A | 5.5 MEDIUM |
| Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0182 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-03-03 | 2.1 LOW | 3.3 LOW |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-15052 | 1 Gradle | 1 Gradle | 2023-03-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. | |||||
| CVE-2018-7820 | 1 Schneider-electric | 8 Ap9630, Ap9630 Firmware, Ap9631 and 5 more | 2023-03-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. | |||||
| CVE-2019-0175 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0179 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0180 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0183 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 2.1 LOW | 3.3 LOW |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-23463 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2023-02-24 | N/A | 7.5 HIGH |
| Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | |||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2023-02-24 | N/A | 7.5 HIGH |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | |||||
| CVE-2013-4423 | 1 Redhat | 1 Cloudforms | 2023-02-13 | 2.1 LOW | 5.5 MEDIUM |
| CloudForms stores user passwords in recoverable format | |||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2023-02-13 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||