Total
1109 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-1669 | 1 Juniper | 2 Junos, Nfx350 | 2024-11-21 | 6.3 Medium |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. | ||||
CVE-2020-18406 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 7.5 High |
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | ||||
CVE-2020-17489 | 5 Canonical, Debian, Gnome and 2 more | 5 Ubuntu Linux, Debian Linux, Gnome-shell and 2 more | 2024-11-21 | 4.3 Medium |
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | ||||
CVE-2020-17477 | 1 Univention | 1 Ucs\@school | 2024-11-21 | 6.5 Medium |
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash. | ||||
CVE-2020-16280 | 1 Rangee | 1 Rangeeos | 2024-11-21 | 5.5 Medium |
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system. | ||||
CVE-2020-16097 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 7.3 High |
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. | ||||
CVE-2020-15942 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 Medium |
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. | ||||
CVE-2020-15791 | 1 Siemens | 28 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 312 Firmware, Simatic S7-300 Cpu 314 and 25 more | 2024-11-21 | 6.5 Medium |
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials. | ||||
CVE-2020-15661 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. | ||||
CVE-2020-15381 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | ||||
CVE-2020-15347 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 9.8 Critical |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | ||||
CVE-2020-15341 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | ||||
CVE-2020-15157 | 4 Canonical, Debian, Linuxfoundation and 1 more | 4 Ubuntu Linux, Debian Linux, Containerd and 1 more | 2024-11-21 | 6.1 Medium |
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. | ||||
CVE-2020-15062 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-11-21 | 8.8 High |
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
CVE-2020-15058 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 8.8 High |
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 8.8 High |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
CVE-2020-14930 | 1 Bt Ctroms Terminal Project | 1 Bt Ctroms Terminal | 2024-11-21 | 8.1 High |
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. | ||||
CVE-2020-14489 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.2 Medium |
OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. | ||||
CVE-2020-14391 | 2 Gnome, Redhat | 6 Control Center, Enterprise Linux, Enterprise Linux Aus and 3 more | 2024-11-21 | 5.5 Medium |
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. | ||||
CVE-2020-14334 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 8.8 High |
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. |