Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4308 | 1 Secomea | 1 Gatemanager | 2023-04-29 | 8.8 High |
| Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | ||||
| CVE-2023-25760 | 1 Uniguest | 1 Tripleplay | 2023-04-28 | 8.8 High |
| Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | ||||
| CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2023-04-26 | 9.8 Critical |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | ||||
| CVE-2013-7052 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2023-04-26 | 9.8 Critical |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | ||||
| CVE-2018-20389 | 2 D-link, Dlink | 4 Dcm-604 Firmware, Dcm-704 Firmware, Dcm-604 and 1 more | 2023-04-26 | N/A |
| D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2017-3192 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2023-04-26 | N/A |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | ||||
| CVE-2018-14081 | 2 D-link, Dlink | 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more | 2023-04-26 | N/A |
| An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | ||||
| CVE-2019-10224 | 1 Fedoraproject | 1 389 Directory Server | 2023-04-24 | 4.6 Medium |
| A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information. | ||||
| CVE-2023-25413 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2023-04-14 | 7.5 High |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. | ||||
| CVE-2023-25407 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2023-04-14 | 7.2 High |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials. | ||||
| CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2023-04-01 | 7.5 High |
| In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | ||||
| CVE-2019-11092 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-03-24 | 4.4 Medium |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2021-36783 | 1 Suse | 1 Rancher | 2023-03-23 | 9.9 Critical |
| A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. | ||||
| CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2023-03-22 | N/A |
| Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | ||||
| CVE-2012-3025 | 1 Tridium | 1 Niagara Ax | 2023-03-22 | N/A |
| The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-03-20 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | ||||
| CVE-2022-41614 | 1 Intel | 1 On Event Series | 2023-03-07 | 5.5 Medium |
| Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0182 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-03-03 | 3.3 Low |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-45599 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2023-03-03 | 9.8 Critical |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password. | ||||
| CVE-2019-15052 | 1 Gradle | 1 Gradle | 2023-03-02 | 9.8 Critical |
| The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. | ||||