Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47880 | 1 Jedox | 2 Jedox, Jedox Cloud | 2023-05-24 | 5.3 Medium |
| An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | ||||
| CVE-2020-3180 | 1 Cisco | 13 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 10 more | 2023-05-23 | 7.8 High |
| A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges. | ||||
| CVE-2022-30601 | 1 Intel | 2 Active Management Technology Firmware, Standard Manageability | 2023-05-22 | 9.8 Critical |
| Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. | ||||
| CVE-2022-30944 | 1 Intel | 2 Active Management Technology Firmware, Standard Manageability | 2023-05-22 | 5.5 Medium |
| Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-24506 | 1 Milesight | 2 Ncr\/camera, Ncr\/camera Firmware | 2023-05-17 | 7.5 High |
| Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. | ||||
| CVE-2019-19096 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 6.1 Medium |
| The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. | ||||
| CVE-2021-35527 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 7.5 High |
| Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. | ||||
| CVE-2017-16731 | 1 Hitachienergy | 1 Ellipse | 2023-05-16 | N/A |
| An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | ||||
| CVE-2021-35529 | 1 Hitachienergy | 2 Counterparty Settlement And Billing, Retail Operations | 2023-05-16 | 7.2 High |
| Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions. | ||||
| CVE-2023-31136 | 1 Vapor | 1 Postgresnio | 2023-05-16 | 5.9 Medium |
| PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users. | ||||
| CVE-2023-28764 | 1 Sap | 1 Businessobjects | 2023-05-12 | 5.9 Medium |
| SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | ||||
| CVE-2023-25495 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2023-05-09 | 4.9 Medium |
| A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | ||||
| CVE-2023-2335 | 1 42gears | 1 Surelock | 2023-05-08 | 7.5 High |
| Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0. | ||||
| CVE-2023-1778 | 1 Gajshield | 2 Data Security Firewall, Data Security Firewall Firmware | 2023-05-08 | 9.8 Critical |
| This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | ||||
| CVE-2023-26567 | 1 Sangoma | 1 Freepbx Linux 7 | 2023-05-05 | 8.1 High |
| Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | ||||
| CVE-2023-28084 | 2 Hp, Hpe | 2 Oneview, Oneview Global Dashboard | 2023-05-04 | 5.5 Medium |
| HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | ||||
| CVE-2023-28088 | 1 Hp | 1 Oneview | 2023-05-04 | 7.8 High |
| An HPE OneView appliance dump may expose SAN switch administrative credentials | ||||
| CVE-2023-28089 | 1 Hp | 1 Oneview | 2023-05-04 | 7.1 High |
| An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | ||||
| CVE-2023-28090 | 1 Hp | 1 Oneview | 2023-05-04 | 5.5 Medium |
| An HPE OneView appliance dump may expose SNMPv3 read credentials | ||||
| CVE-2021-33589 | 1 Ribose | 1 Rnp | 2023-05-03 | 7.5 High |
| Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | ||||