Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2182 | 1 Jenkins | 1 Credentials Binding | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. | |||||
CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | |||||
CVE-2019-15656 | 1 Dlink | 4 Dsl-2875al, Dsl-2875al Firmware, Dsl-2877al and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | |||||
CVE-2020-10972 | 1 Wavlink | 6 Wn530hg4, Wn530hg4 Firmware, Wn531g3 and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3 | |||||
CVE-2019-19105 | 2 Abb, Busch-jaeger | 4 Tg\/s3.2, Tg\/s3.2 Firmware, 6186\/11 and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | |||||
CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | |||||
CVE-2017-18844 | 1 Netgear | 6 D7000, D7000 Firmware, R6700 and 3 more | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50. | |||||
CVE-2020-4408 | 1 Ibm | 1 Qradar Advisory | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536. | |||||
CVE-2020-7299 | 1 Mcafee | 1 True Key | 2024-02-28 | 1.9 LOW | 4.1 MEDIUM |
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations. | |||||
CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
General Electric D20ME devices are not properly configured and reveal plaintext passwords. | |||||
CVE-2019-10423 | 1 Jenkins | 1 Codescan | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10419 | 1 Jenkins | 1 Vfabric Application Director | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-18615 | 1 Arista | 1 Cloudvision Portal | 2024-02-28 | 3.5 LOW | 4.9 MEDIUM |
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application. | |||||
CVE-2019-10424 | 1 Jenkins | 1 Eloyente | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-6024 | 1 Rakuten | 1 Rakuma | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party. | |||||
CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2024-02-28 | 1.9 LOW | 6.8 MEDIUM |
LastPass prior to 2.5.1 has an insecure PIN implementation. | |||||
CVE-2020-2133 | 1 Jenkins | 1 Applatix | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10429 | 1 Jenkins | 1 Gitlab Logo | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-9104 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | |||||
CVE-2019-11686 | 1 Westerndigital | 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. |