Total
1071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20047 | 1 Al-enterprise | 2 Omnivista 4760, Omnivista 8770 | 2024-08-05 | 7.5 High |
| An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>. | ||||
| CVE-2019-19898 | 1 Ixpdata | 1 Easyinstall | 2024-08-05 | 7.5 High |
| In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. | ||||
| CVE-2019-19890 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2024-08-05 | 7.5 High |
| An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. | ||||
| CVE-2019-19823 | 11 Ciktel, Coship, Fg-products and 8 more | 36 Mesh Router, Mesh Router Firmware, Emta Ap and 33 more | 2024-08-05 | 7.5 High |
| A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. | ||||
| CVE-2019-19843 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-08-05 | 9.8 Critical |
| Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | ||||
| CVE-2019-19687 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-08-05 | 8.8 High |
| OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) | ||||
| CVE-2019-19696 | 1 Trendmicro | 1 Password Manager | 2024-08-05 | 5.5 Medium |
| A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. | ||||
| CVE-2019-19539 | 1 Hp | 3 Web Viewpoint T0320, Web Viewpoint T0952, Web Viewpoint T0986 | 2024-08-05 | 5.5 Medium |
| An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. | ||||
| CVE-2019-19310 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 4.9 Medium |
| GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | ||||
| CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-08-05 | 7.5 High |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | ||||
| CVE-2019-19096 | 1 Hitachienergy | 1 Esoms | 2024-08-05 | 6.1 Medium |
| The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. | ||||
| CVE-2019-19119 | 1 Paessler | 1 Prtg Network Monitor | 2024-08-05 | 5.5 Medium |
| An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | ||||
| CVE-2019-19105 | 2 Abb, Busch-jaeger | 4 Tg\/s3.2, Tg\/s3.2 Firmware, 6186\/11 and 1 more | 2024-08-05 | 6.2 Medium |
| The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | ||||
| CVE-2019-18868 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-08-05 | 9.8 Critical |
| Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | ||||
| CVE-2019-18785 | 1 Suitecrm | 1 Suitecrm | 2024-08-05 | 7.5 High |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. | ||||
| CVE-2019-18615 | 1 Arista | 1 Cloudvision Portal | 2024-08-05 | 4.9 Medium |
| In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application. | ||||
| CVE-2019-18256 | 1 Biotronik | 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more | 2024-08-05 | 4.6 Medium |
| BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit. | ||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-08-05 | 9.8 Critical |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | ||||
| CVE-2019-17497 | 1 Tracker-software | 1 Pdf-xchange Editor | 2024-08-05 | 6.5 Medium |
| Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. | ||||
| CVE-2019-17393 | 1 Tomedo | 1 Server | 2024-08-05 | 9.8 Critical |
| The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. | ||||