Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-9279 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. | |||||
CVE-2018-20439 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
CVE-2018-11050 | 1 Dell | 1 Emc Networker | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user. | |||||
CVE-2018-11748 | 1 Puppet | 1 Device Manager | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Previous releases of the Puppet device_manager module create configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0. | |||||
CVE-2018-20400 | 1 Ubeeinteractive | 4 Dvw2108, Dvw2108 Firmware, Dvw2110 and 1 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | |||||
CVE-2018-11544 | 1 Theolivetree | 1 Ftp Server | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | |||||
CVE-2017-9969 | 1 Schneider-electric | 1 Igss Mobile | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. | |||||
CVE-2018-1000057 | 1 Jenkins | 1 Credentials Binding | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. | |||||
CVE-2018-9031 | 1 Tnlsoftsolutions | 1 Sentry Vision | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. | |||||
CVE-2018-10327 | 1 Printeron | 1 Printeron | 2024-02-28 | 1.9 LOW | 7.0 HIGH |
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. | |||||
CVE-2018-1000608 | 1 Jenkins | 1 Z/os Connector | 2024-02-28 | 4.0 MEDIUM | 7.2 HIGH |
An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password. | |||||
CVE-2018-1000104 | 1 Jenkins | 1 Coverity | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. | |||||
CVE-2018-11639 | 1 Dialogic | 1 Powermedia Xms | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | |||||
CVE-2017-7933 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | |||||
CVE-2018-6618 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. | |||||
CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | |||||
CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2024-02-28 | 2.1 LOW | 5.3 MEDIUM |
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network. | |||||
CVE-2018-1000404 | 1 Jenkins | 1 Aws Codebuild | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later. | |||||
CVE-2017-1779 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. |