Total
1072 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8339 | 1 Ibm | 2 Bladecenter Advanced Management Module, Bladecenter Advanced Management Module Firmware | 2024-09-16 | 4.3 Medium |
| A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself. | ||||
| CVE-2019-0035 | 1 Juniper | 1 Junos | 2024-09-16 | 6.8 Medium |
| When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | ||||
| CVE-2021-28496 | 1 Arista | 1 Eos | 2024-09-16 | 5.7 Medium |
| On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train | ||||
| CVE-2018-20389 | 2 D-link, Dlink | 4 Dcm-604 Firmware, Dcm-704 Firmware, Dcm-604 and 1 more | 2024-09-16 | N/A |
| D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2018-20391 | 1 Teknotel | 2 Cbw700n, Cbw700n Firmware | 2024-09-16 | N/A |
| TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2017-16718 | 1 Beckhoff | 1 Twincat | 2024-09-16 | N/A |
| Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added. | ||||
| CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2024-09-16 | 6 Medium |
| HCL VersionVault Express exposes administrator credentials. | ||||
| CVE-2018-20386 | 1 Commscope | 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware | 2024-09-16 | 9.8 Critical |
| ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2024-09-16 | 5.5 Medium |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | ||||
| CVE-2019-4239 | 2 Ibm, Redhat | 2 Cloud Private, Openshift | 2024-09-16 | 5.5 Medium |
| IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. | ||||
| CVE-2017-9557 | 1 Echatserver | 1 Easy Chat Server | 2024-09-16 | 7.5 High |
| register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | ||||
| CVE-2018-20395 | 1 Net-wave | 2 Ming6200, Ming6200 Firmware | 2024-09-16 | N/A |
| NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2024-09-16 | 6.4 Medium |
| Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | ||||
| CVE-2018-15456 | 1 Cisco | 1 Identity Services Engine | 2024-09-16 | N/A |
| A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack. | ||||
| CVE-2020-3180 | 1 Cisco | 13 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 10 more | 2024-09-16 | 7.8 High |
| A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges. | ||||
| CVE-2018-11544 | 1 Theolivetree | 1 Ftp Server | 2024-09-16 | 9.8 Critical |
| The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | ||||
| CVE-2018-20385 | 1 Castlenet | 8 Cbv38z4ec, Cbv38z4ec Firmware, Cbv38z4ecnit and 5 more | 2024-09-16 | N/A |
| CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2022-22251 | 1 Juniper | 2 Csrx, Junos | 2024-09-16 | 7.8 High |
| On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. | ||||
| CVE-2021-39045 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-16 | 5.5 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. | ||||
| CVE-2022-22767 | 1 Bd | 32 Pyxis Anesthesia Station Es, Pyxis Anesthesia Station Es Firmware, Pyxis Ciisafe and 29 more | 2024-09-16 | 8.8 High |
| Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information. | ||||