Total: 1020 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-2335 | 1 42gears | 1 Surelock | 2023-05-08 | N/A | 7.5 HIGH |
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registry modules) allows retrieval of admin user credentials. This issue affects surelock windows: from 2.3.12 through 2.40.0. | |||||
CVE-2023-1778 | 1 Gajshield | 2 Data Security Firewall, Data Security Firewall Firmware | 2023-05-08 | N/A | 9.8 CRITICAL |
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser by using the default username/password via the web-based management interface and/or an exposed SSH port, thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | |||||
CVE-2023-26567 | 1 Sangoma | 1 Freepbx Linux 7 | 2023-05-05 | N/A | 8.1 HIGH |
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | |||||
CVE-2023-28084 | 2 Hp, Hpe | 2 Oneview, Oneview Global Dashboard | 2023-05-04 | N/A | 5.5 MEDIUM |
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | |||||
CVE-2023-28088 | 1 Hp | 1 Oneview | 2023-05-04 | N/A | 7.8 HIGH |
An HPE OneView appliance dump may expose SAN switch administrative credentials | |||||
CVE-2023-28089 | 1 Hp | 1 Oneview | 2023-05-04 | N/A | 7.1 HIGH |
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | |||||
CVE-2023-28090 | 1 Hp | 1 Oneview | 2023-05-04 | N/A | 5.5 MEDIUM |
An HPE OneView appliance dump may expose SNMPv3 read credentials | |||||
CVE-2021-33589 | 1 Ribose | 1 Rnp | 2023-05-03 | N/A | 7.5 HIGH |
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | |||||
CVE-2022-4308 | 1 Secomea | 1 Gatemanager | 2023-04-29 | N/A | 8.8 HIGH |
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | |||||
CVE-2023-25760 | 1 Uniguest | 1 Tripleplay | 2023-04-28 | N/A | 8.8 HIGH |
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload. | |||||
CVE-2013-7052 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | |||||
CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
CVE-2018-14081 | 2 D-link, Dlink | 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | |||||
CVE-2018-20389 | 2 D-link, Dlink | 4 Dcm-604 Firmware, Dcm-704 Firmware, Dcm-604 and 1 more | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
CVE-2017-3192 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2023-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through an authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | |||||
CVE-2019-10224 | 1 Fedoraproject | 1 389 Directory Server | 2023-04-24 | 2.1 LOW | 4.6 MEDIUM |
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information. | |||||
CVE-2023-25413 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2023-04-14 | N/A | 7.5 HIGH |
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. | |||||
CVE-2023-25407 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2023-04-14 | N/A | 7.2 HIGH |
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials. | |||||
CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2023-04-01 | N/A | 7.5 HIGH |
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | |||||
CVE-2019-11092 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-03-24 | 3.6 LOW | 4.4 MEDIUM |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. |