Total
1071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7698 | 1 D-link | 1 Mydlink\+ | 2024-08-05 | N/A |
| An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge. | ||||
| CVE-2018-6618 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-08-05 | N/A |
| Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. | ||||
| CVE-2018-5708 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-08-05 | N/A |
| An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML. | ||||
| CVE-2018-4190 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-08-05 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | ||||
| CVE-2018-4170 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. | ||||
| CVE-2018-3609 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-08-05 | N/A |
| A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | ||||
| CVE-2018-1139 | 3 Canonical, Redhat, Samba | 7 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-08-05 | 8.1 High |
| A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. | ||||
| CVE-2018-1075 | 2 Ovirt, Redhat | 2 Ovirt, Rhev Manager | 2024-08-05 | N/A |
| ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. | ||||
| CVE-2018-1074 | 2 Ovirt, Redhat | 3 Ovirt, Enterprise Virtualization, Rhev Manager | 2024-08-05 | N/A |
| ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. | ||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-08-05 | N/A |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | ||||
| CVE-2019-1020009 | 1 Kolide | 1 Fleet | 2024-08-05 | N/A |
| Fleet before 2.1.2 allows exposure of SMTP credentials. | ||||
| CVE-2019-1010241 | 1 Jenkins | 1 Credentials Binding | 2024-08-05 | 6.5 Medium |
| Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. | ||||
| CVE-2019-1010308 | 1 Aquaverde | 1 Aquarius Cms | 2024-08-05 | N/A |
| Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. | ||||
| CVE-2019-1003097 | 1 Jenkins | 1 Crowd Integration | 2024-08-05 | 6.5 Medium |
| Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-1003096 | 1 Jenkins | 1 Testfairy | 2024-08-05 | 6.5 Medium |
| Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-1003045 | 1 Trustsource | 1 Ecs Publisher | 2024-08-05 | 6.5 Medium |
| A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | ||||
| CVE-2019-1003038 | 1 Jenkins | 1 Repository Connector | 2024-08-05 | 7.8 High |
| An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | ||||
| CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2024-08-05 | 8.8 High |
| An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | ||||
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2024-08-05 | N/A |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | ||||
| CVE-2019-25030 | 1 Versa-networks | 3 Versa Analytics, Versa Director, Versa Operating System | 2024-08-05 | 5.5 Medium |
| In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible. | ||||