Filtered by CWE-522
Total 1013 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11821 1 Rukovoditel 1 Rukovoditel 2021-07-21 5.3 Medium
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
CVE-2019-19898 1 Ixpdata 1 Easyinstall 2021-07-21 7.5 High
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely.
CVE-2019-19890 1 Humaxdigital 2 Hgb10r-02, Hgb10r-02 Firmware 2021-07-21 7.5 High
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.
CVE-2020-13915 1 Ruckuswireless 25 C110, E510, H320 and 22 more 2021-07-21 7.5 High
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
CVE-2019-19843 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2021-07-21 9.8 Critical
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
CVE-2020-11629 1 Primekey 1 Ejbca 2021-07-21 7.2 High
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.)
CVE-2019-19696 1 Trendmicro 1 Password Manager 2021-07-21 5.5 Medium
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.
CVE-2019-19218 1 Bmcsoftware 1 Control-m/agent 2021-07-21 7.5 High
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.
CVE-2020-11557 1 Castlerock 1 Snmpc Online 2021-07-21 7.5 High
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.
CVE-2019-19119 1 Paessler 1 Prtg Network Monitor 2021-07-21 5.5 Medium
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials.
CVE-2020-10752 1 Redhat 1 Openshift Container Platform 2021-07-21 7.5 High
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.
CVE-2020-15054 1 Tp-link 2 Tl-ps310u, Tl-ps310u Firmware 2021-07-21 8.8 High
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2019-18868 1 Blaauwproducts 1 Remote Kiln Control 2021-07-21 9.8 Critical
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.
CVE-2019-18615 1 Arista 1 Cloudvision Portal 2021-07-21 4.9 Medium
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly. Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.
CVE-2020-14930 1 Bt Ctroms Terminal Project 1 Bt Ctroms Terminal 2021-07-21 8.1 High
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
CVE-2020-9525 1 Cs2-network 1 P2p 2021-07-21 8.1 High
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices.
CVE-2019-12171 1 Dropbox 1 Dropbox 2021-07-21 N/A
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
CVE-2020-10554 1 Psyprax 1 Psyprax 2021-07-21 7.5 High
An issue was discovered in Psyprax before 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
CVE-2020-15058 1 Lindy-international 2 42633, 42633 Firmware 2021-07-21 8.8 High
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2019-5505 1 Netapp 1 Ontap Select Deploy Administration Utility 2021-07-21 9.8 Critical
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.