Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20382 | 1 Jezetek-intl | 2 Bcm93383wrg, Bcm93383wrg Firmware | 2022-10-03 | N/A |
| Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2018-20444 | 1 Technicolor | 2 Cga0111, Cga0111 Firmware | 2022-10-03 | N/A |
| Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | ||||
| CVE-2018-18656 | 1 Purevpn | 1 Purevpn | 2022-10-03 | N/A |
| The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. | ||||
| CVE-2018-1000851 | 1 Copay | 1 Copay Bitcoin Wallet | 2022-10-03 | N/A |
| Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later . | ||||
| CVE-2018-1000104 | 1 Jenkins | 1 Coverity | 2022-10-03 | N/A |
| A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. | ||||
| CVE-2018-1000610 | 1 Jenkins | 1 Configuration As Code | 2022-10-03 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. | ||||
| CVE-2018-11544 | 1 Theolivetree | 1 Ftp Server | 2022-10-03 | 9.8 Critical |
| The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | ||||
| CVE-2019-7300 | 1 Articatech | 1 Artica Proxy | 2022-10-03 | N/A |
| Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | ||||
| CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2022-10-01 | 6.5 Medium |
| In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | ||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2022-09-30 | 4.9 Medium |
| Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | ||||
| CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2022-09-30 | 8.8 High |
| Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | ||||
| CVE-2021-34560 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2022-09-29 | 5.5 Medium |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. | ||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 7.5 High |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | ||||
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 4.4 Medium |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | ||||
| CVE-2020-8259 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 8.1 High |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | ||||
| CVE-2022-36617 | 1 Haystacksoftware | 1 Arq Backup | 2022-09-14 | 4.9 Medium |
| Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. | ||||
| CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2022-09-08 | 6.5 Medium |
| HCL VersionVault Express exposes administrator credentials. | ||||
| CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2022-09-01 | 7.8 High |
| A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-23019 | 1 F5 | 1 Nginx Controller | 2022-08-30 | 7.8 High |
| The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. | ||||
| CVE-2022-34838 | 1 Abb | 1 Zenon | 2022-08-30 | 8.4 High |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. | ||||