Total
1020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16223 | 1 Qbeecam | 1 Qbeecam | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. | |||||
| CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | |||||
| CVE-2018-9280 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | |||||
| CVE-2018-10814 | 1 Synametrics | 1 Synaman | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | |||||
| CVE-2018-20443 | 1 Technicolor | 2 Tc7200.d1i, Tc7200.d1i Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-17613 | 1 Telegram | 1 Telegram Desktop | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | |||||
| CVE-2018-10327 | 1 Printeron | 1 Printeron | 2019-10-03 | 1.9 LOW | 7.0 HIGH |
| PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. | |||||
| CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | |||||
| CVE-2018-20394 | 1 Technicolor | 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-1000627 | 1 Battelle | 1 V2i Hub | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. | |||||
| CVE-2018-10286 | 1 Ericssonlg | 1 Ipecs Nms | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated. | |||||
| CVE-2017-1764 | 1 Ibm | 1 Cognos Business Intelligence | 2019-10-03 | 1.9 LOW | 7.0 HIGH |
| IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. | |||||
| CVE-2018-20385 | 1 Castlenet | 8 Cbv38z4ec, Cbv38z4ec Firmware, Cbv38z4ecnit and 5 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-16984 | 1 Djangoproject | 1 Django | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. | |||||
| CVE-2017-8296 | 1 Ked Password Manager Project | 1 Ked Password Manager | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext. | |||||
| CVE-2018-7698 | 1 D-link | 1 Mydlink\+ | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge. | |||||
| CVE-2017-15918 | 1 Ignitum | 1 Sera | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks. | |||||
| CVE-2018-6618 | 1 Ehcp | 1 Easy Hosting Control Panel | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. | |||||
| CVE-2018-1377 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778. | |||||
| CVE-2018-0828 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability". | |||||