Total: 986 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1000401 | 1 Jenkins | 1 Aws Codepipeline | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later. | |||||
CVE-2017-1000387 | 1 Jenkins | 1 Build-publisher | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | |||||
CVE-2017-9637 | 1 Schneider-electric | 1 Ampla Manufacturing Execution System | 2024-02-28 | 1.9 LOW | 4.1 MEDIUM |
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. | |||||
CVE-2018-10024 | 1 Ubiquoss | 2 Vp5208a, Vp5208a Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled). | |||||
CVE-2018-4170 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. | |||||
CVE-2018-10286 | 1 Ericssonlg | 1 Ipecs Nms | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated. | |||||
CVE-2018-7782 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. | |||||
CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | |||||
CVE-2018-1074 | 2 Ovirt, Redhat | 2 Ovirt, Enterprise Virtualization | 2024-02-28 | 4.0 MEDIUM | 7.2 HIGH |
The ovirt-engine API and administration web portal before versions 4.2.2.5 and 4.1.11.2 are vulnerable to an exposure of Power Management credentials, including cleartext passwords, to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. | |||||
CVE-2018-7698 | 1 D-link | 1 Mydlink+ | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge. | |||||
CVE-2018-1377 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 137778. | |||||
CVE-2018-10355 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-02-28 | 1.9 LOW | 7.0 HIGH |
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. | |||||
CVE-2017-5704 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. | |||||
CVE-2017-11510 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | |||||
CVE-2018-1000403 | 1 Jenkins | 1 Aws Codedeploy | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later. | |||||
CVE-2018-11746 | 1 Puppet | 1 Discovery | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if an HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery. | |||||
CVE-2018-13014 | 1 Safensoft | 3 Enterprise Suite, Syswatch, Tpsecure | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Storing a password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows a local attacker to restore the SysWatch password from the settings database and modify program settings. | |||||
CVE-2018-11634 | 1 Dialogic | 1 Powermedia Xms | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | |||||
CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as admin. | |||||
CVE-2017-9654 | 1 Philips | 1 Dosewise | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 store login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. |