Total
986 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". | |||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | |||||
| CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | |||||
| CVE-2020-13344 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis | |||||
| CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-02-28 | 7.2 HIGH | 5.0 MEDIUM |
| An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | |||||
| CVE-2020-27781 | 2 Fedoraproject, Redhat | 5 Fedora, Ceph, Ceph Storage and 2 more | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0. | |||||
| CVE-2021-25284 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-02-28 | 1.9 LOW | 4.4 MEDIUM |
| An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. | |||||
| CVE-2020-27554 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. | |||||
| CVE-2020-14391 | 2 Gnome, Redhat | 5 Control Center, Enterprise Linux, Enterprise Linux Aus and 2 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-22132 | 2 Elastic, Oracle | 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite | 2024-02-28 | 2.1 LOW | 4.8 MEDIUM |
| Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2 | |||||
| CVE-2020-2314 | 1 Jenkins | 1 Appspider | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2020-12309 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2020-28219 | 1 Schneider-electric | 2 Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. | |||||
| CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | |||||
| CVE-2020-26508 | 1 Canon | 2 Oce Colorwave 3500, Oce Colorwave 3500 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. | |||||
| CVE-2018-20243 | 1 Apache | 1 Fineract | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629. | |||||
| CVE-2014-1423 | 2 Signond Project, Ubports | 2 Signond, Ubuntu Touch | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. | |||||
| CVE-2020-14489 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. | |||||
| CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 2.1 LOW | 5.2 MEDIUM |
| Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | |||||
| CVE-2019-16067 | 1 Netsas | 1 Enigma Network Management Solution | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | |||||