Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22251 | 1 Juniper | 2 Csrx, Junos | 2022-10-21 | 7.8 High |
| On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. | ||||
| CVE-2019-14840 | 1 Redhat | 1 Decision Manager | 2022-10-19 | 7.5 High |
| A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials. | ||||
| CVE-2022-28291 | 1 Tenable | 1 Nessus | 2022-10-19 | 6.5 Medium |
| Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. | ||||
| CVE-2022-31130 | 1 Grafana | 1 Grafana | 2022-10-17 | 7.5 High |
| Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. | ||||
| CVE-2020-12061 | 1 Nitrokey | 2 Fido U2f, Fido U2f Firmware | 2022-10-05 | 9.8 Critical |
| An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller. | ||||
| CVE-2020-24396 | 1 Hom.ee | 2 Brain Cube, Brain Cube Core | 2022-10-05 | 7.5 High |
| homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy. | ||||
| CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2022-10-03 | 7.5 High |
| IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | ||||
| CVE-2022-37193 | 1 Chipolo | 2 Chipolo, Chipolo One | 2022-10-03 | 7.4 High |
| Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. | ||||
| CVE-2017-9557 | 1 Echatserver | 1 Easy Chat Server | 2022-10-03 | 7.5 High |
| register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | ||||
| CVE-2017-1000245 | 1 Jenkins | 1 Ssh | 2022-10-03 | N/A |
| The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. | ||||
| CVE-2017-8371 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2022-10-03 | N/A |
| Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2017-8225 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2022-10-03 | N/A |
| On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI. | ||||
| CVE-2017-8222 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2022-10-03 | N/A |
| Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. | ||||
| CVE-2018-10024 | 1 Ubiquoss | 2 Vp5208a, Vp5208a Firmware | 2022-10-03 | N/A |
| ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled). | ||||
| CVE-2018-16987 | 1 Squashtest | 1 Squash Tm | 2022-10-03 | N/A |
| Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | ||||
| CVE-2018-17969 | 1 Samsung | 2 Scx-6545x, Scx-6545x Firmware | 2022-10-03 | N/A |
| Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | ||||
| CVE-2018-20442 | 1 Technicolor | 2 Tc7110.b, Tc7110.b Firmware | 2022-10-03 | N/A |
| Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | ||||
| CVE-2018-20438 | 1 Technicolor | 2 Tc7110.ar, Tc7110.ar Firmware | 2022-10-03 | N/A |
| Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | ||||
| CVE-2018-20400 | 1 Ubeeinteractive | 4 Dvw2108, Dvw2108 Firmware, Dvw2110 and 1 more | 2022-10-03 | N/A |
| Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2022-10-03 | N/A |
| Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||