Total
1206 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5140 | 1 Honeywell | 1 Xl Web Ii Controller | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | |||||
| CVE-2017-6709 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. | |||||
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 7.5 HIGH |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | |||||
| CVE-2024-40583 | 1 Pentaminds | 1 Curovms | 2025-04-17 | N/A | 9.1 CRITICAL |
| Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. | |||||
| CVE-2025-27650 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. | |||||
| CVE-2025-27648 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003. | |||||
| CVE-2025-22372 | 2025-04-15 | N/A | N/A | ||
| Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14 Dec 2021. | |||||
| CVE-2015-7546 | 2 Openstack, Oracle | 3 Keystone, Keystonemiddleware, Solaris | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
| The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. | |||||
| CVE-2015-5955 | 1 Owncloud | 1 Owncloud Client | 2025-04-12 | 5.0 MEDIUM | N/A |
| ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | |||||
| CVE-2015-3962 | 1 Schneider-electric | 1 Struxureware Building Expert Multi-purpose Management | 2025-04-12 | 5.0 MEDIUM | N/A |
| Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2014-4806 | 2 Ibm, Linux | 2 Security Appscan, Linux Kernel | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2014-1812 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability." | |||||
| CVE-2012-5627 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2025-04-11 | 4.0 MEDIUM | N/A |
| Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. | |||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A | N/A |
| Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | |||||
| CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2025-04-11 | 7.8 HIGH | N/A |
| Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | |||||
| CVE-2012-3025 | 1 Tridium | 1 Niagara Ax | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-3268 | 2 Hp, Huawei | 675 0150a129, 0150a12a, 0150a12b and 672 more | 2025-04-11 | 3.5 LOW | N/A |
| Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. | |||||
| CVE-2024-51546 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2025-04-10 | N/A | 7.5 HIGH |
| Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2023-40510 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 7.5 HIGH |
| LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getServerSetting method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20012. | |||||