Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2019-10-03 | N/A |
| An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | ||||
| CVE-2018-1377 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-03 | N/A |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778. | ||||
| CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2019-10-03 | N/A |
| Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | ||||
| CVE-2017-15272 | 1 Psftp | 1 Psftpd | 2019-10-03 | N/A |
| The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password. | ||||
| CVE-2017-14711 | 1 Kickbase | 1 Bundesliga Manager | 2019-10-03 | N/A |
| The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication. | ||||
| CVE-2018-16222 | 1 Ismartalarm | 1 Ismartalarm | 2019-10-03 | N/A |
| Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. | ||||
| CVE-2018-16223 | 1 Qbeecam | 1 Qbeecam | 2019-10-03 | N/A |
| Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. | ||||
| CVE-2018-16669 | 1 Circontrol | 1 Open Charge Point Protocol | 2019-10-03 | N/A |
| An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels. | ||||
| CVE-2018-16791 | 1 Solarwinds | 1 Sftp\/scp Server | 2019-10-03 | N/A |
| In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | ||||
| CVE-2018-16984 | 1 Djangoproject | 1 Django | 2019-10-03 | N/A |
| An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. | ||||
| CVE-2018-17613 | 1 Telegram | 1 Telegram Desktop | 2019-10-03 | N/A |
| Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | ||||
| CVE-2019-11769 | 1 Teamviewer | 1 Teamviewer | 2019-09-13 | 7.8 High |
| An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. | ||||
| CVE-2017-7486 | 1 Postgresql | 1 Postgresql | 2018-01-05 | N/A |
| PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | ||||