Total
1030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20442 | 1 Technicolor | 2 Tc7110.b, Tc7110.b Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | |||||
| CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 6 Ubuntu Linux, Leap, Requests and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2018-18754 | 1 Zyxel | 2 Vmg3312-b10b, Vmg3312-b10b Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | |||||
| CVE-2018-20443 | 1 Technicolor | 2 Tc7200.d1i, Tc7200.d1i Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-16987 | 1 Squashtest | 1 Squash Tm | 2024-02-04 | 4.0 MEDIUM | 7.2 HIGH |
| Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | |||||
| CVE-2018-20396 | 1 Net-wave | 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-16791 | 1 Solarwinds | 1 Sftp\/scp Server | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | |||||
| CVE-2018-13822 | 1 Broadcom | 1 Project Portfolio Management | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. | |||||
| CVE-2018-20390 | 1 Kaonmedia | 6 Cg2001-an22a, Cg2001-an22a Firmware, Cg2001-udbna and 3 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20438 | 1 Technicolor | 2 Tc7110.ar, Tc7110.ar Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-1498 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. | |||||
| CVE-2018-19078 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. | |||||
| CVE-2018-20439 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2017-17691 | 1 Contronics | 1 Homeputer Cl Studio Fur Homematic | 2024-02-04 | 4.3 MEDIUM | 8.1 HIGH |
| Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | |||||
| CVE-2018-12383 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. | |||||
| CVE-2018-15717 | 1 Opendental | 1 Opendental | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. | |||||
| CVE-2018-10814 | 1 Synametrics | 1 Synaman | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | |||||
| CVE-2018-8851 | 1 Echelon | 8 I.lon 100, I.lon 100 Firmware, I.lon 600 and 5 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. | |||||