Total
1071 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20781 | 3 Canonical, Gnome, Oracle | 3 Ubuntu Linux, Gnome Keyring, Zfs Storage Appliance Kit | 2024-08-05 | 7.8 High |
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | ||||
CVE-2018-20399 | 1 Motorola | 6 Sbg901, Sbg901 Firmware, Sbg941 and 3 more | 2024-08-05 | N/A |
Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
CVE-2018-20243 | 1 Apache | 1 Fineract | 2024-08-05 | 7.5 High |
The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629. | ||||
CVE-2018-20060 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Urllib3, Ansible Tower and 1 more | 2024-08-05 | N/A |
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | ||||
CVE-2018-19795 | 1 Chipsbank | 1 Umptool | 2024-08-05 | N/A |
ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. | ||||
CVE-2018-19466 | 1 Portainer | 1 Portainer | 2024-08-05 | N/A |
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | ||||
CVE-2018-19078 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-08-05 | N/A |
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. | ||||
CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2024-08-05 | N/A |
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | ||||
CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 8 Ubuntu Linux, Leap, Requests and 5 more | 2024-08-05 | 7.5 High |
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | ||||
CVE-2018-17922 | 1 Circontrol | 2 Circarlife, Circarlife Firmware | 2024-08-05 | N/A |
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | ||||
CVE-2018-17871 | 1 Verint | 1 Verba Collaboration Compliance And Quality Management Platform | 2024-08-05 | 6.5 Medium |
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control. | ||||
CVE-2018-17613 | 1 Telegram | 1 Telegram Desktop | 2024-08-05 | N/A |
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | ||||
CVE-2018-17245 | 1 Elastic | 1 Kibana | 2024-08-05 | N/A |
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. | ||||
CVE-2018-16984 | 1 Djangoproject | 1 Django | 2024-08-05 | N/A |
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. | ||||
CVE-2018-16791 | 1 Solarwinds | 1 Sftp\/scp Server | 2024-08-05 | N/A |
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | ||||
CVE-2018-16669 | 1 Circontrol | 1 Open Charge Point Protocol | 2024-08-05 | N/A |
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels. | ||||
CVE-2018-16223 | 1 Qbeecam | 1 Qbeecam | 2024-08-05 | N/A |
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. | ||||
CVE-2018-16222 | 1 Ismartalarm | 1 Ismartalarm | 2024-08-05 | N/A |
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. | ||||
CVE-2018-16153 | 1 Apereo | 1 Opencast | 2024-08-05 | 7.5 High |
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | ||||
CVE-2018-14081 | 2 D-link, Dlink | 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more | 2024-08-05 | N/A |
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. |