Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20438 | 1 Technicolor | 2 Tc7110.ar, Tc7110.ar Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-10327 | 1 Printeron | 1 Printeron | 2019-10-03 | 1.9 LOW | 7.0 HIGH |
| PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. | |||||
| CVE-2018-16669 | 1 Circontrol | 1 Open Charge Point Protocol | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels. | |||||
| CVE-2018-20442 | 1 Technicolor | 2 Tc7110.b, Tc7110.b Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2017-17106 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | |||||
| CVE-2017-1337 | 1 Ibm | 1 Websphere Mq | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. | |||||
| CVE-2018-20390 | 1 Kaonmedia | 6 Cg2001-an22a, Cg2001-an22a Firmware, Cg2001-udbna and 3 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20399 | 1 Motorola | 6 Sbg901, Sbg901 Firmware, Sbg941 and 3 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-13014 | 1 Safensoft | 3 Enterprise Suite, Syswatch, Tpsecure | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings. | |||||
| CVE-2017-8837 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | |||||
| CVE-2017-3760 | 1 Lenovo | 1 Service Framework | 2019-10-03 | 5.1 MEDIUM | 8.1 HIGH |
| The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
| CVE-2017-8371 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2019-10-03 | 4.0 MEDIUM | 6.8 MEDIUM |
| Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2018-1000104 | 1 Jenkins | 1 Coverity | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. | |||||
| CVE-2017-6694 | 1 Cisco | 1 Ultra Services Platform | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. | |||||
| CVE-2018-1000608 | 1 Jenkins | 1 Z\/os Connector | 2019-10-03 | 4.0 MEDIUM | 7.2 HIGH |
| A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password. | |||||
| CVE-2017-7933 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2017-11349 | 1 Datataker | 2 Dt8x, Dt8x Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | |||||
| CVE-2017-5700 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2019-10-03 | 7.2 HIGH | 8.4 HIGH |
| Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | |||||
| CVE-2018-4170 | 1 Apple | 1 Mac Os X | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. | |||||
| CVE-2017-17691 | 1 Contronics | 1 Homeputer Cl Studio Fur Homematic | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | |||||