Total
1071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25052 | 1 Ibm | 1 Jazz Reporting Service | 2024-08-07 | 4.4 Medium |
| IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | ||||
| CVE-2007-0681 | 1 Extcalendar Project | 1 Extcalendar | 2024-08-07 | 9.8 Critical |
| profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | ||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-08-07 | 5.5 Medium |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | ||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-08-07 | 5.5 Medium |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | ||||
| CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2024-08-06 | 7.5 High |
| General Electric D20ME devices are not properly configured and reveal plaintext passwords. | ||||
| CVE-2012-5627 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2024-08-06 | N/A |
| Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. | ||||
| CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-08-06 | 5.5 Medium |
| Claws Mail vCalendar plugin: credentials exposed on interface | ||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-08-06 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
| CVE-2012-3268 | 2 Hp, Huawei | 675 0150a129, 0150a12a, 0150a12b and 672 more | 2024-08-06 | N/A |
| Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. | ||||
| CVE-2013-7052 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-08-06 | 9.8 Critical |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | ||||
| CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-08-06 | 9.8 Critical |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | ||||
| CVE-2013-6372 | 2 Jenkins-ci, Redhat | 2 Subversion-plugin, Openshift | 2024-08-06 | N/A |
| The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. | ||||
| CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2024-08-06 | 6.8 Medium |
| LastPass prior to 2.5.1 has an insecure PIN implementation. | ||||
| CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2024-08-06 | N/A |
| Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | ||||
| CVE-2013-4423 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-08-06 | 5.5 Medium |
| CloudForms stores user passwords in recoverable format | ||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2024-08-06 | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | ||||
| CVE-2013-3620 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2024-08-06 | 7.5 High |
| Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | ||||
| CVE-2013-3313 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-08-06 | 7.5 High |
| The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311. | ||||
| CVE-2013-2672 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-08-06 | 7.5 High |
| Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | ||||
| CVE-2013-2106 | 2 Debian, Stanford | 2 Debian Linux, Webauth | 2024-08-06 | 7.5 High |
| webauth before 4.6.1 has authentication credential disclosure | ||||