Total
1009 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10024 | 1 Ubiquoss | 2 Vp5208a, Vp5208a Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled). | |||||
CVE-2017-9969 | 1 Schneider-electric | 1 Igss Mobile | 2023-12-10 | 2.1 LOW | 6.7 MEDIUM |
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. | |||||
CVE-2018-4190 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2023-12-10 | 4.3 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | |||||
CVE-2018-4170 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. | |||||
CVE-2017-1764 | 1 Ibm | 1 Cognos Business Intelligence | 2023-12-10 | 1.9 LOW | 7.0 HIGH |
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. | |||||
CVE-2018-11639 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | |||||
CVE-2018-10286 | 1 Ericssonlg | 1 Ipecs Nms | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated. | |||||
CVE-2018-11544 | 1 Theolivetree | 1 Ftp Server | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | |||||
CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | |||||
CVE-2017-11510 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | |||||
CVE-2018-11634 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | |||||
CVE-2018-7518 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. | |||||
CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2023-12-10 | 2.1 LOW | 5.3 MEDIUM |
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network. | |||||
CVE-2018-6618 | 1 Ehcp | 1 Easy Hosting Control Panel | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. | |||||
CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. | |||||
CVE-2018-10355 | 1 Trendmicro | 1 Email Encryption Gateway | 2023-12-10 | 1.9 LOW | 7.0 HIGH |
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. | |||||
CVE-2017-1378 | 1 Ibm | 1 Tivoli Storage Manager | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. | |||||
CVE-2017-15918 | 1 Ignitum | 1 Sera | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks. | |||||
CVE-2017-11349 | 1 Datataker | 2 Dt8x, Dt8x Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | |||||
CVE-2017-9557 | 1 Echatserver | 1 Easy Chat Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. |