Total
986 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2665 | 2 Mongodb, Redhat | 2 Mongodb, Storage Console | 2024-02-28 | 1.9 LOW | 7.0 HIGH |
| The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. | |||||
| CVE-2018-9160 | 1 Sickrage | 1 Sickrage | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. | |||||
| CVE-2018-4190 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-02-28 | 4.3 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | |||||
| CVE-2018-5708 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-02-28 | 6.1 MEDIUM | 8.0 HIGH |
| An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML. | |||||
| CVE-2017-1764 | 1 Ibm | 1 Cognos Business Intelligence | 2024-02-28 | 1.9 LOW | 7.0 HIGH |
| IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. | |||||
| CVE-2018-1000610 | 1 Jenkins | 1 Configuration As Code | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
| A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. | |||||
| CVE-2018-0828 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability". | |||||
| CVE-2018-12260 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices | |||||
| CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
| Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | |||||
| CVE-2018-7518 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. | |||||
| CVE-2018-7510 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication. | |||||
| CVE-2017-17106 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | |||||
| CVE-2017-7524 | 1 Tpm2-tools Project | 1 Tpm2.0-tools | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | |||||
| CVE-2017-6532 | 1 Televes | 2 Coaxdata Gateway 1gbps, Coaxdata Gateway 1gbps Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | |||||
| CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | |||||
| CVE-2017-1378 | 1 Ibm | 1 Tivoli Storage Manager | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. | |||||
| CVE-2017-9557 | 1 Echatserver | 1 Easy Chat Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | |||||
| CVE-2017-7315 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | |||||
| CVE-2017-1000245 | 1 Jenkins | 1 Ssh | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. | |||||
| CVE-2017-13998 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
| An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. | |||||