Total
1029 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0184 | 1 Kingjim | 7 Sma3, Spc10, Spc10 Firmware and 4 more | 2024-02-04 | 3.3 LOW | 4.3 MEDIUM |
Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. | |||||
CVE-2022-22554 | 1 Dell | 1 Emc System Update | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC System Update, version 1.9.2 and prior, contains an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability, leading to the disclosure of user passwords. | |||||
CVE-2021-28499 | 1 Arista | 2 7130, Metamako Operating System | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
In Arista's MOS (Metamako Operating System) software, which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train; all releases in the MOS-0.2x train; and MOS-0.31.1 and prior releases in the MOS-0.3x train. | |||||
CVE-2021-20826 | 1 Idec | 7 Data File Manager, Microsmart Fc6a, Microsmart Fc6a Firmware and 4 more | 2024-02-04 | 3.3 LOW | 7.6 HIGH |
Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted. | |||||
CVE-2021-44451 | 1 Apache | 1 Superset | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Apache Superset up to and including 1.3.2 allowed registered database connection passwords to leak to authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher. | |||||
CVE-2021-37400 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | |||||
CVE-2022-23114 | 1 Jenkins | 1 Publish Over Ssh | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | |||||
CVE-2021-1589 | 1 Cisco | 1 Sd-wan | 2024-02-04 | 3.5 LOW | 6.5 MEDIUM |
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. | |||||
CVE-2021-28498 | 1 Arista | 2 7130, Metamako Operating System | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In Arista's MOS (Metamako Operating System) software, which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and prior releases in the MOS-0.2x train; and MOS-0.31.1 and prior releases in the MOS-0.3x train. | |||||
CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | |||||
CVE-2021-42913 | 1 Samsung | 3 Scx-6555, Scx-6555n, Syncthru Web Service | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required. | |||||
CVE-2020-27413 | 1 Mahadiscom | 1 Mahavitaran | 2024-02-04 | 1.9 LOW | 4.2 MEDIUM |
An issue discovered in the Mahavitaran Android application 7.50 and below allows local attackers to read the cleartext username and password while the user is logged into the application. | |||||
CVE-2021-37187 | 1 Digi | 17 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 14 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords. | |||||
CVE-2021-37401 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | |||||
CVE-2021-40857 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | |||||
CVE-2021-41023 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclose the agent password due to plaintext credential storage in log files. | |||||
CVE-2020-23036 | 1 Medianavi | 1 Smacom | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man-in-the-middle attack. | |||||
CVE-2022-23117 | 1 Jenkins | 1 Conjur Secrets | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | |||||
CVE-2021-20163 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. |