Total
1070 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10710 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-04 | 4.4 Medium |
| A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password. | ||||
| CVE-2020-10554 | 1 Psyprax | 1 Psyprax | 2024-08-04 | 7.5 High |
| An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM. | ||||
| CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-08-04 | 8.1 High |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | ||||
| CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-08-04 | 8.8 High |
| Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | ||||
| CVE-2020-9324 | 1 Aquaforest | 1 Tiff Server | 2024-08-04 | 7.5 High |
| Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC. | ||||
| CVE-2020-9403 | 1 Pactware | 1 Pactware | 2024-08-04 | 5.5 Medium |
| In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. | ||||
| CVE-2020-9404 | 1 Pactware | 1 Pactware | 2024-08-04 | 7.1 High |
| In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. | ||||
| CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2024-08-04 | 8.8 High |
| Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | ||||
| CVE-2020-8259 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 8.1 High |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | ||||
| CVE-2020-8210 | 1 Citrix | 1 Xenmobile Server | 2024-08-04 | 7.5 High |
| Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. | ||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 7.5 High |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | ||||
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.4 Medium |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | ||||
| CVE-2020-7945 | 1 Puppet | 1 Continuous Delivery | 2024-08-04 | 5.5 Medium |
| Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1. | ||||
| CVE-2020-7940 | 1 Plone | 1 Plone | 2024-08-04 | 7.5 High |
| Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. | ||||
| CVE-2020-7909 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 7.5 High |
| In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | ||||
| CVE-2020-7307 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 5.2 Medium |
| Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | ||||
| CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 5.2 Medium |
| Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text | ||||
| CVE-2020-7233 | 1 Kmccontrols | 2 Bac-a1616bc, Bac-a1616bc Firmware | 2024-08-04 | 9.8 Critical |
| KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | ||||
| CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2024-08-04 | 6.5 Medium |
| The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". | ||||
| CVE-2020-6961 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-08-04 | 10.0 Critical |
| In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files. | ||||