Total: 1029 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27270 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-02-04 | 2.9 LOW | 5.7 MEDIUM |
SOOIL Developments Co., Ltd. DiabecareRS, AnyDana-i, AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows an unauthenticated, physically proximate attacker to sniff keys via BLE. | |||||
CVE-2020-25011 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version: R0002.P05 allows remote attackers to get the username and password by requesting the /cgi-bin/webadminget.cgi script via the browser. | |||||
CVE-2020-35623 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space. | |||||
CVE-2019-14483 | 1 Adremsoft | 1 Netcrunch | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. | |||||
CVE-2020-25848 | 1 Hgiga | 10 Msr45 Isherlock-antispam, Msr45 Isherlock-audit, Msr45 Isherlock-base and 7 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
HGiga MailSherlock contains a weak authentication flaw that allows attackers to obtain privileges remotely via the default password generation mechanism. | |||||
CVE-2021-3252 | 1 Kaco-newenergy | 2 Xp100u, Xp100u Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability. | |||||
CVE-2020-28929 | 1 Epson | 2 Eps Tse Server 8, Eps Tse Server 8 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. | |||||
CVE-2020-26897 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
CVE-2020-2312 | 1 Jenkins | 1 Sqlplus Script Runner | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. | |||||
CVE-2020-26510 | 1 Airleader | 3 Airleader Easy, Airleader Master, Airleader Master Control | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | |||||
CVE-2020-12309 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
CVE-2021-20445 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storage of authentication credentials. IBM X-Force ID: 196621. | |||||
CVE-2021-27935 | 1 Adguard | 1 Adguard Home | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. | |||||
CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". | |||||
CVE-2020-26906 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
CVE-2020-26550 | 1 Aviatrix | 1 Controller | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | |||||
CVE-2020-28896 | 3 Debian, Mutt, Neomutt | 3 Debian Linux, Mutt, Neomutt | 2024-02-04 | 2.6 LOW | 5.3 MEDIUM |
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. | |||||
CVE-2020-24227 | 1 Playgroundsessions | 1 Playground Sessions | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Playground Sessions v2.5.582 (and earlier) for Windows stores the user credentials in plain text, allowing anyone with access to UserProfiles.sol to extract the email and password. | |||||
CVE-2020-10375 | 1 Newmediacompany | 1 Smarty | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product. | |||||
CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-02-04 | 7.2 HIGH | 5.0 MEDIUM |
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. |