Total
807 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20382 | 1 Jezetek-intl | 2 Bcm93383wrg, Bcm93383wrg Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
CVE-2017-7315 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | |||||
CVE-2017-6694 | 1 Cisco | 1 Ultra Services Platform | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. | |||||
CVE-2017-6532 | 1 Televes | 2 Coaxdata Gateway 1gbps, Coaxdata Gateway 1gbps Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | |||||
CVE-2017-6528 | 1 Dnatools | 1 Dnalims | 2019-10-02 | 4.3 MEDIUM | 8.1 HIGH |
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file). | |||||
CVE-2017-5704 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2019-10-02 | 2.1 LOW | 6.7 MEDIUM |
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. | |||||
CVE-2017-5700 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2019-10-02 | 7.2 HIGH | 8.4 HIGH |
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | |||||
CVE-2017-5140 | 1 Honeywell | 1 Xl Web Ii Controller | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | |||||
CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | |||||
CVE-2017-4923 | 1 Vmware | 1 Vcenter Server | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | |||||
CVE-2017-3760 | 1 Lenovo | 1 Service Framework | 2019-10-02 | 5.1 MEDIUM | 8.1 HIGH |
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
CVE-2017-2751 | 1 Hp | 68 Compaq 14-h000, Compaq 14-h000 Firmware, Compaq 14-s000 and 65 more | 2019-10-02 | 2.1 LOW | 4.6 MEDIUM |
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. | |||||
CVE-2017-1779 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-10-02 | 2.1 LOW | 7.8 HIGH |
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. | |||||
CVE-2017-17691 | 1 Contronics | 1 Homeputer Cl Studio Fur Homematic | 2019-10-02 | 4.3 MEDIUM | 8.1 HIGH |
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | |||||
CVE-2017-1764 | 1 Ibm | 1 Cognos Business Intelligence | 2019-10-02 | 1.9 LOW | 7.0 HIGH |
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. | |||||
CVE-2017-17106 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | |||||
CVE-2017-15918 | 1 Ignitum | 1 Sera | 2019-10-02 | 2.1 LOW | 7.8 HIGH |
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks. | |||||
CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2019-10-02 | 4.0 MEDIUM | 8.8 HIGH |
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | |||||
CVE-2017-15272 | 1 Psftp | 1 Psftpd | 2019-10-02 | 2.1 LOW | 5.3 MEDIUM |
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password. | |||||
CVE-2017-14711 | 1 Kickbase | 1 Bundesliga Manager | 2019-10-02 | 4.3 MEDIUM | 8.1 HIGH |
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication. |