Total
986 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2198 | 1 Jenkins | 1 Project Inheritance | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | |||||
| CVE-2020-17489 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Gnome-shell and 1 more | 2024-02-28 | 1.9 LOW | 4.3 MEDIUM |
| An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | |||||
| CVE-2020-11821 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them. | |||||
| CVE-2017-18845 | 1 Netgear | 4 R6700, R6700 Firmware, R6800 and 1 more | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38. | |||||
| CVE-2019-4668 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250. | |||||
| CVE-2020-7307 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 2.1 LOW | 5.2 MEDIUM |
| Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | |||||
| CVE-2020-16280 | 1 Rangee | 1 Rangeeos | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system. | |||||
| CVE-2020-12273 | 1 Testlink | 1 Testlink | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | |||||
| CVE-2018-21239 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. | |||||
| CVE-2020-10287 | 1 Abb | 4 Irb140, Irb140 Firmware, Irc5 and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them). | |||||
| CVE-2020-4372 | 1 Ibm | 1 Verify Gateway | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009 | |||||
| CVE-2020-2209 | 1 Jenkins | 1 Testcomplete Support | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | |||||
| CVE-2019-13023 | 1 Jetstream | 1 Jetselect | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | |||||
| CVE-2019-18785 | 1 Suitecrm | 1 Suitecrm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. | |||||
| CVE-2019-13394 | 1 Netgear | 2 Cg3700b, Cg3700b Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. | |||||
| CVE-2020-2181 | 1 Jenkins | 1 Credentials Binding | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. | |||||
| CVE-2020-13915 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
| Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
| CVE-2020-6195 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system. | |||||
| CVE-2020-24622 | 1 Sonatype | 1 Nexus | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. | |||||