Total
1024 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | |||||
CVE-2014-3445 | 1 Handsomeweb | 1 Sos Webpages | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. | |||||
CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | |||||
CVE-2014-1423 | 2 Signond Project, Ubports | 2 Signond, Ubuntu Touch | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oauth tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this to create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. | |||||
CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | |||||
CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
CVE-2013-7052 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | |||||
CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2024-11-21 | 1.9 LOW | 6.8 MEDIUM |
LastPass prior to 2.5.1 has an insecure PIN implementation. | |||||
CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | N/A | N/A |
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | |||||
CVE-2013-4423 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
CloudForms stores user passwords in recoverable format | |||||
CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2024-11-21 | 6.5 MEDIUM | N/A |
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||
CVE-2013-3620 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | |||||
CVE-2013-3313 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311. | |||||
CVE-2013-2672 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | |||||
CVE-2013-2106 | 2 Debian, Stanford | 2 Debian Linux, Webauth | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
webauth before 4.6.1 has authentication credential disclosure | |||||
CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
General Electric D20ME devices are not properly configured and reveal plaintext passwords. | |||||
CVE-2012-5627 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2024-11-21 | 4.0 MEDIUM | N/A |
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks. | |||||
CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Claws Mail vCalendar plugin: credentials exposed on interface | |||||
CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2024-11-21 | 7.8 HIGH | N/A |
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | |||||
CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. |