Vulnerabilities (CVE)

Filtered by CWE-522
Total 1024 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19843 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
CVE-2019-19823 11 Ciktel, Coship, Fg-products and 8 more 36 Mesh Router, Mesh Router Firmware, Emta Ap and 33 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.
CVE-2019-19696 1 Trendmicro 1 Password Manager 2024-11-21 2.1 LOW 5.5 MEDIUM
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.
CVE-2019-19687 1 Openstack 1 Keystone 2024-11-21 3.5 LOW 8.8 HIGH
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)
CVE-2019-19539 1 Hp 3 Web Viewpoint T0320, Web Viewpoint T0952, Web Viewpoint T0986 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.
CVE-2019-19310 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
CVE-2019-19218 1 Bmcsoftware 1 Control-m\/agent 2024-11-21 4.3 MEDIUM 7.5 HIGH
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.
CVE-2019-19119 1 Paessler 1 Prtg Network Monitor 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials.
CVE-2019-19105 2 Abb, Busch-jaeger 4 Tg\/s3.2, Tg\/s3.2 Firmware, 6186\/11 and 1 more 2024-11-21 2.1 LOW 6.2 MEDIUM
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.
CVE-2019-19096 1 Hitachienergy 1 Esoms 2024-11-21 3.6 LOW 6.1 MEDIUM
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
CVE-2019-18868 1 Blaauwproducts 1 Remote Kiln Control 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.
CVE-2019-18785 1 Suitecrm 1 Suitecrm 2024-11-21 5.0 MEDIUM 7.5 HIGH
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials.
CVE-2019-18615 1 Arista 1 Cloudvision Portal 2024-11-21 3.5 LOW 4.9 MEDIUM
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.
CVE-2019-18572 1 Dell 1 Rsa Identity Governance And Lifecycle 2024-11-21 7.5 HIGH 9.8 CRITICAL
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.
CVE-2019-18256 1 Biotronik 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more 2024-11-21 2.1 LOW 4.6 MEDIUM
BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.
CVE-2019-17662 1 Cybelsoft 1 Thinvnc 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
CVE-2019-17497 1 Tracker-software 1 Pdf-xchange Editor 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.
CVE-2019-17393 1 Tomedo 1 Server 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password.
CVE-2019-17356 1 Infinitestudio 1 Infinite Design 2024-11-21 3.3 LOW 6.5 MEDIUM
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.
CVE-2019-16673 1 Weidmueller 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.