Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21237 | 1 Foxitsoftware | 1 Phantompdf | 2020-06-09 | 5.3 Medium |
| An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. | ||||
| CVE-2018-21239 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2020-06-09 | 5.3 Medium |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. | ||||
| CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2020-06-04 | 7.5 High |
| system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | ||||
| CVE-2015-7546 | 2 Openstack, Oracle | 3 Keystone, Keystonemiddleware, Solaris | 2020-06-02 | 7.5 High |
| The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. | ||||
| CVE-2014-8938 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 7.8 High |
| Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | ||||
| CVE-2017-3214 | 1 Milwaukeetool | 1 One-key | 2020-05-21 | 7.5 High |
| The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | ||||
| CVE-2014-1423 | 2 Signond Project, Ubports | 2 Signond, Ubuntu Touch | 2020-05-12 | 5.5 Medium |
| signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. | ||||
| CVE-2018-11752 | 1 Puppet | 1 Cisco Ios | 2020-05-01 | 5.5 Medium |
| Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release. | ||||
| CVE-2019-19105 | 2 Abb, Busch-jaeger | 4 Tg\/s3.2, Tg\/s3.2 Firmware, 6186\/11 and 1 more | 2020-04-29 | 5.5 Medium |
| The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | ||||
| CVE-2020-5721 | 1 Mikrotik | 1 Winbox | 2020-04-28 | 5.5 Medium |
| MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router. | ||||
| CVE-2019-4668 | 1 Ibm | 1 Urbancode Deploy | 2020-04-27 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250. | ||||
| CVE-2017-18777 | 1 Netgear | 36 D6220, D6220 Firmware, D6400 and 33 more | 2020-04-24 | 7.8 High |
| Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40. | ||||
| CVE-2017-18843 | 1 Netgear | 6 D7000, D7000 Firmware, R6700 and 3 more | 2020-04-23 | 7.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50. | ||||
| CVE-2017-18844 | 1 Netgear | 6 D7000, D7000 Firmware, R6700 and 3 more | 2020-04-23 | 7.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50. | ||||
| CVE-2017-18845 | 1 Netgear | 4 R6700, R6700 Firmware, R6800 and 1 more | 2020-04-22 | 7.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38. | ||||
| CVE-2020-5406 | 1 Vmware | 1 Tanzu Application Service For Vms | 2020-04-13 | 6.5 Medium |
| VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling. | ||||
| CVE-2020-11555 | 1 Castlerock | 1 Snmpc Online | 2020-04-10 | 7.5 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. | ||||
| CVE-2020-1978 | 1 Paloaltonetworks | 2 Pan-os, Vm-series | 2020-04-10 | 4.4 Medium |
| TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves. This issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0. This issue does not affect VM Series in non-HA configurations or on other cloud platforms. It does not affect hardware firewall appliances. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the tech support files with the credentials. We now filter and remove these credentials from all TechSupport files sent to us. The TechSupport files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials. | ||||
| CVE-2020-5263 | 1 Auth0 | 1 Auth0.js | 2020-04-10 | 4.9 Medium |
| auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3 | ||||
| CVE-2017-18695 | 1 Google | 1 Android | 2020-04-08 | 6.5 Medium |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017). | ||||