Total
1030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26905 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-7945 | 1 Puppet | 1 Continuous Delivery | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1. | |||||
| CVE-2020-27258 | 1 Sooil | 4 Anydana-a, Anydana-i, Dana Diabecare Rs and 1 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy. | |||||
| CVE-2020-27646 | 1 Biscom | 1 Secure File Transfer | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | |||||
| CVE-2020-4602 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836. | |||||
| CVE-2020-27888 | 1 Ui | 4 Unifi Controller, Unifi Controller Firmware, Unifi Meshing Access Point and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. | |||||
| CVE-2020-3547 | 1 Cisco | 4 Asyncos, Content Security Management Appliance, Email Security Appliance and 1 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface. | |||||
| CVE-2020-4593 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747. | |||||
| CVE-2020-12273 | 1 Testlink | 1 Testlink | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | |||||
| CVE-2019-13021 | 1 Jetstream | 1 Jetselect | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. | |||||
| CVE-2020-2209 | 1 Jenkins | 1 Testcomplete Support | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2017-18843 | 1 Netgear | 6 D7000, D7000 Firmware, R6700 and 3 more | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50. | |||||
| CVE-2020-2078 | 1 Sick | 1 Package Analytics | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. | |||||
| CVE-2020-5260 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. | |||||
| CVE-2019-19135 | 1 Opcfoundation | 2 Netstandard.opc.ua, Ua-.netstandard | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
| In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | |||||
| CVE-2020-13261 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
| Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | |||||
| CVE-2019-19096 | 1 Hitachienergy | 1 Esoms | 2024-02-04 | 3.6 LOW | 6.1 MEDIUM |
| The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. | |||||
| CVE-2020-2212 | 1 Jenkins | 1 Github Coverage Reporter | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration. | |||||
| CVE-2014-8938 | 1 Piwigo | 1 Lexiglot | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | |||||
| CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | |||||