Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11029 | 1 Google | 1 Android | 2020-04-07 | 7.5 High |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). | ||||
| CVE-2019-3942 | 1 Advantech | 1 Webaccess | 2020-04-02 | 7.5 High |
| Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. | ||||
| CVE-2020-11449 | 1 Technicolor | 2 Tc7337, Tc7337 Firmware | 2020-04-02 | 7.5 High |
| An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf. | ||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2020-03-26 | 7.5 High |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
| CVE-2019-18785 | 1 Suitecrm | 1 Suitecrm | 2020-03-24 | 7.5 High |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. | ||||
| CVE-2020-9324 | 1 Aquaforest | 1 Tiff Server | 2020-03-20 | 7.5 High |
| Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC. | ||||
| CVE-2020-6961 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2020-03-17 | 10.0 Critical |
| In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files. | ||||
| CVE-2019-11686 | 1 Westerndigital | 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more | 2020-03-13 | 5.5 Medium |
| Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. | ||||
| CVE-2019-10706 | 1 Westerndigital | 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more | 2020-03-13 | 6.3 Medium |
| Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. | ||||
| CVE-2019-10705 | 1 Westerndigital | 40 Sandisk X600 Sd9sb8w-128g, Sandisk X600 Sd9sb8w-128g Firmware, Sandisk X600 Sd9sb8w-1t00 and 37 more | 2020-03-13 | 7.5 High |
| Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. | ||||
| CVE-2019-5648 | 1 Barracuda | 2 Load Balancer Adc, Load Balancer Adc Firmware | 2020-03-12 | 6.5 Medium |
| Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network. | ||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2020-02-25 | 5.5 Medium |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | ||||
| CVE-2014-4660 | 1 Redhat | 1 Ansible | 2020-02-25 | 5.5 Medium |
| Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | ||||
| CVE-2020-6969 | 1 Automationdirect | 22 C-more Ea9-rhi, C-more Ea9-rhi Firmware, C-more Ea9-t10cl and 19 more | 2020-02-14 | 9.8 Critical |
| It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations. | ||||
| CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2020-02-11 | 6.8 Medium |
| LastPass prior to 2.5.1 has an insecure PIN implementation. | ||||
| CVE-2019-19539 | 1 Hp | 3 Web Viewpoint T0320, Web Viewpoint T0952, Web Viewpoint T0986 | 2020-02-07 | 5.5 Medium |
| An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. | ||||
| CVE-2019-19823 | 11 Ciktel, Coship, Fg-products and 8 more | 36 Mesh Router, Mesh Router Firmware, Emta Ap and 33 more | 2020-02-06 | 7.5 High |
| A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. | ||||
| CVE-2013-2672 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-05 | 7.5 High |
| Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | ||||
| CVE-2020-7909 | 1 Jetbrains | 1 Teamcity | 2020-02-01 | 7.5 High |
| In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | ||||
| CVE-2014-3445 | 1 Handsomeweb | 1 Sos Webpages | 2020-01-31 | 9.8 Critical |
| backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. | ||||