Total
807 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16067 | 1 Netsas | 1 Enigma Network Management Solution | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | |||||
| CVE-2020-13915 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2021-07-21 | 6.4 MEDIUM | 7.5 HIGH |
| Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
| CVE-2019-15656 | 1 D-link | 4 Dsl-2875al, Dsl-2875al Firmware, Dsl-2877al and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | |||||
| CVE-2019-15655 | 1 D-link | 2 Dsl-2875al, Dsl-2875al Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. | |||||
| CVE-2019-15653 | 1 Comba | 2 Ap2600-i - A02 - 0202n00pd2, Ap2600-i - A02 - 0202n00pd2 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). | |||||
| CVE-2020-12273 | 1 Testlink | 1 Testlink | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | |||||
| CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | |||||
| CVE-2019-13394 | 1 Netgear | 2 Cg3700b, Cg3700b Firmware | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. | |||||
| CVE-2019-13023 | 1 Jetstream | 1 Jetselect | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | |||||
| CVE-2020-11557 | 1 Castlerock | 1 Snmpc Online | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. | |||||
| CVE-2019-12171 | 1 Dropbox | 1 Dropbox | 2021-07-21 | 4.3 MEDIUM | 7.8 HIGH |
| Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process. | |||||
| CVE-2020-11629 | 1 Primekey | 1 Ejbca | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.) | |||||
| CVE-2019-11664 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
| CVE-2019-11663 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
| CVE-2020-11821 | 1 Rukovoditel | 1 Rukovoditel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them. | |||||
| CVE-2020-10752 | 1 Redhat | 1 Openshift Container Platform | 2021-07-21 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. | |||||
| CVE-2020-10554 | 1 Psyprax | 1 Psyprax | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM. | |||||
| CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2021-07-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | |||||
| CVE-2020-5404 | 1 Pivotal | 1 Reactor Netty | 2021-07-07 | 4.9 MEDIUM | 5.9 MEDIUM |
| The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. | |||||
| CVE-2019-6452 | 1 Kyocera | 3 Command Center Rx, Taskalfa 4501i, Taskalfa 5052ci | 2021-06-28 | 4.0 MEDIUM | 8.8 HIGH |
| Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password. | |||||