Total: 1013 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-19687 | 1 Openstack | 1 Keystone | 2020-01-31 | 8.8 High |
OpenStack Keystone 15.0.0 and 16.0.0 are affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) | ||||
CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2020-01-30 | 7.5 High |
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | ||||
CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2020-01-28 | 7.5 High |
General Electric D20ME devices are not properly configured and reveal plaintext passwords. | ||||
CVE-2014-5381 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2020-01-15 | 9.8 Critical |
Grand MA 300 allows a brute-force attack on the PIN. | ||||
CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2020-01-15 | 7.5 High |
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
CVE-2019-5990 | 1 Anglers-net | 1 Cgi An-anlyzer | 2020-01-14 | 7.5 High |
Access analysis CGI An-Analyzer released on June 24, 2019 and earlier allows remote attackers to obtain a login password via the HTTP referer. | ||||
CVE-2013-3620 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2020-01-14 | 7.5 High |
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | ||||
CVE-2014-5093 | 1 Status2k | 1 Status2k | 2020-01-14 | 9.8 Critical |
Status2k does not remove the install directory allowing credential reset. | ||||
CVE-2019-4508 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2020-01-13 | 7.8 High |
IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429. | ||||
CVE-2019-19310 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.9 Medium |
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | ||||
CVE-2019-20047 | 1 Al-enterprise | 2 Omnivista 4760, Omnivista 8770 | 2020-01-07 | 7.5 High |
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>. | ||||
CVE-2019-6024 | 1 Rakuten | 1 Rakuma | 2020-01-02 | 6.5 Medium |
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier, allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by a third party. | ||||
CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2019-12-18 | 5.5 Medium |
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | ||||
CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2019-12-11 | 5.5 Medium |
Claws Mail vCalendar plugin: credentials exposed on interface | ||||
CVE-2013-2106 | 2 Debian, Stanford | 2 Debian Linux, Webauth | 2019-12-10 | 7.5 High |
webauth before 4.6.1 has authentication credential disclosure | ||||
CVE-2019-16673 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2019-12-10 | 6.5 Medium |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. | ||||
CVE-2013-3313 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2019-11-27 | 7.5 High |
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311. | ||||
CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2019-11-08 | 9.8 Critical |
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | ||||
CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2019-11-08 | 5.5 Medium |
MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console | ||||
CVE-2018-1074 | 2 Ovirt, Redhat | 2 Ovirt, Enterprise Virtualization | 2019-11-06 | N/A |
The ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 are vulnerable to an exposure of Power Management credentials, including cleartext passwords, to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. |