Total
1071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2024-08-05 | N/A |
| An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | ||||
| CVE-2018-13014 | 1 Safensoft | 3 Enterprise Suite, Syswatch, Tpsecure | 2024-08-05 | N/A |
| Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings. | ||||
| CVE-2018-12383 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | N/A |
| If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. | ||||
| CVE-2018-12038 | 1 Samsung | 2 840 Evo, 840 Evo Firmware | 2024-08-05 | N/A |
| An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. | ||||
| CVE-2018-11748 | 1 Puppet | 1 Device Manager | 2024-08-05 | N/A |
| Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0. | ||||
| CVE-2018-11742 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-08-05 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | ||||
| CVE-2018-11752 | 1 Puppet | 1 Cisco Ios | 2024-08-05 | 5.5 Medium |
| Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release. | ||||
| CVE-2018-11639 | 1 Dialogic | 1 Powermedia Xms | 2024-08-05 | N/A |
| Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | ||||
| CVE-2018-11634 | 1 Dialogic | 1 Powermedia Xms | 2024-08-05 | N/A |
| Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | ||||
| CVE-2018-10814 | 1 Synametrics | 1 Synaman | 2024-08-05 | N/A |
| Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | ||||
| CVE-2018-10824 | 1 Dlink | 15 Dir-140l, Dir-140l Firmware, Dir-640l and 12 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access. | ||||
| CVE-2018-10355 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-08-05 | N/A |
| An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. | ||||
| CVE-2018-10327 | 1 Printeron | 1 Printeron | 2024-08-05 | N/A |
| PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. | ||||
| CVE-2018-10286 | 1 Ericssonlg | 1 Ipecs Nms | 2024-08-05 | N/A |
| The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated. | ||||
| CVE-2018-9280 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2024-08-05 | N/A |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | ||||
| CVE-2018-9279 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2024-08-05 | N/A |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. | ||||
| CVE-2018-9160 | 1 Sickrage | 1 Sickrage | 2024-08-05 | N/A |
| SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. | ||||
| CVE-2018-9031 | 1 Tnlsoftsolutions | 1 Sentry Vision | 2024-08-05 | N/A |
| The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. | ||||
| CVE-2018-8858 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-08-05 | N/A |
| If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials. | ||||
| CVE-2018-7820 | 1 Schneider-electric | 8 Ap9630, Ap9630 Firmware, Ap9631 and 5 more | 2024-08-05 | 9.8 Critical |
| A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. | ||||