Total: 807 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2023-03-22 | 7.8 HIGH | N/A |
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | |||||
CVE-2012-3025 | 1 Tridium | 1 Niagara Ax | 2023-03-22 | 5.0 MEDIUM | N/A |
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-03-20 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
CVE-2023-0457 | 1 Mitsubishielectric | 76 Fx5-enet, Fx5-enet/ip, Fx5-enet/ip Firmware and 73 more | 2023-03-14 | N/A | 7.5 HIGH |
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules all models all versions, FX5UJ CPU modules all models all versions, FX5S CPU modules all models all versions, FX5-ENET all versions and FX5-ENET/IP all versions allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | |||||
CVE-2022-37935 | 1 Hp | 1 Oneview For Vmware Vcenter | 2023-03-09 | N/A | 5.5 MEDIUM |
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. | |||||
CVE-2022-41614 | 1 Intel | 1 On Event Series | 2023-03-07 | N/A | 5.5 MEDIUM |
Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-47703 | 1 Tianjie | 2 Cpe906-3, Cpe906-3 Firmware | 2023-03-06 | N/A | 7.5 HIGH |
TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. | |||||
CVE-2019-0182 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-03-03 | 2.1 LOW | 3.3 LOW |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-45599 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2023-03-02 | N/A | 9.8 CRITICAL |
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given account's hashed password. | |||||
CVE-2019-15052 | 1 Gradle | 1 Gradle | 2023-03-02 | 5.0 MEDIUM | 9.8 CRITICAL |
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. | |||||
CVE-2018-7820 | 1 Schneider-electric | 8 Ap9630, Ap9630 Firmware, Ap9631 and 5 more | 2023-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. | |||||
CVE-2019-10429 | 1 Jenkins | 1 Gitlab Logo | 2023-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10426 | 1 Jenkins | 1 Gem Publisher | 2023-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10425 | 1 Jenkins | 1 Google Calendar | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10398 | 1 Jenkins | 1 Beaker Builder | 2023-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2022-40678 | 1 Fortinet | 1 Fortinac | 2023-02-27 | N/A | 7.8 HIGH |
An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. | |||||
CVE-2019-0175 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 3.6 LOW | 4.4 MEDIUM |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-0179 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 3.6 LOW | 4.4 MEDIUM |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-0180 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 3.6 LOW | 4.4 MEDIUM |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-0183 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 2.1 LOW | 3.3 LOW |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. |