Total: 1030 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15656 | 2 D-link, Dlink | 4 Dsl-2875al Firmware, Dsl-2877al Firmware, Dsl-2875al and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | |||||
CVE-2020-16134 | 1 Swisscom | 10 Internet-box 2, Internet-box 2 Firmware, Internet-box 3 and 7 more | 2024-02-04 | 7.7 HIGH | 8.0 HIGH |
An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the (user-configurable) credentials for the local Web interface or physical access to a device's plus or reset button, an attacker can create a user with elevated privileges on the Sysbus-API. This can then be used to modify local or remote SSH access, thus allowing a login session as the superuser. | |||||
CVE-2020-2208 | 1 Jenkins | 1 Slack Upload | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-2213 | 1 Jenkins | 1 White Source | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system. | |||||
CVE-2020-2218 | 1 Hp Application Lifecycle Management Quality Center Project | 1 Hp Application Lifecycle Management Quality Center | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
CVE-2020-14334 | 1 Redhat | 1 Satellite | 2024-02-04 | 4.6 MEDIUM | 8.8 HIGH |
A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker to gain complete control of the Satellite instance. | |||||
CVE-2019-10682 | 1 Django-nopassword Project | 1 Django-nopassword | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
django-nopassword before 5.0.0 stores cleartext secrets in the database. | |||||
CVE-2020-5263 | 1 Auth0 | 1 Auth0.js | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3. | |||||
CVE-2020-14426 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11. | |||||
CVE-2020-9403 | 1 Pactware | 1 Pactware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. | |||||
CVE-2020-11555 | 1 Castlerock | 1 Snmpc Online | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. | |||||
CVE-2020-1259 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'. | |||||
CVE-2020-24622 | 1 Sonatype | 1 Nexus | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. | |||||
CVE-2020-14428 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
CVE-2020-15058 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | |||||
CVE-2019-4697 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | |||||
CVE-2020-11694 | 2 Jetbrains, Microsoft | 2 Pycharm, Windows | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. | |||||
CVE-2019-4693 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831. | |||||
CVE-2020-15841 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-02-04 | 4.3 MEDIUM | 8.8 HIGH |
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature. | |||||
CVE-2019-20881 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. |