Total: 1109 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 4.4 Medium |
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | ||||
CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 8.8 High |
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as admin. | ||||
CVE-2017-11510 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2024-11-21 | N/A |
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | ||||
CVE-2017-11349 | 1 Datataker | 2 Dt8x, Dt8x Firmware | 2024-11-21 | N/A |
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | ||||
CVE-2017-1000387 | 1 Jenkins | 1 Build-publisher | 2024-11-21 | N/A |
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | ||||
CVE-2017-1000245 | 1 Jenkins | 1 Ssh | 2024-11-21 | N/A |
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. | ||||
CVE-2017-0925 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | N/A |
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | ||||
CVE-2016-9593 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems. | ||||
CVE-2016-9360 | 1 Ge | 3 Cimplicity, Historian, Ifix | 2024-11-21 | 6.7 Medium |
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. | ||||
CVE-2016-7043 | 1 Redhat | 1 Kie-server | 2024-11-21 | N/A |
It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services. | ||||
CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 9.8 Critical |
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | ||||
CVE-2016-15014 | 1 Cesnet | 1 Theme-cesnet | 2024-11-21 | 3.3 Low |
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability. | ||||
CVE-2016-11029 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). | ||||
CVE-2015-7546 | 2 Openstack, Oracle | 3 Keystone, Keystonemiddleware, Solaris | 2024-11-21 | 7.5 High |
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. | ||||
CVE-2015-7502 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | ||||
CVE-2015-5955 | 1 Owncloud | 1 Owncloud | 2024-11-21 | N/A |
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | ||||
CVE-2015-5013 | 1 Ibm | 6 Security Access Manager 9.0, Security Access Manager 9.0 Firmware, Security Access Manager For Mobile and 3 more | 2024-11-21 | 5.5 Medium |
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. | ||||
CVE-2015-3962 | 1 Schneider-electric | 1 Struxureware Building Expert Multi-purpose Management | 2024-11-21 | N/A |
Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | ||||
CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2024-11-21 | N/A |
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | ||||
CVE-2015-3201 | 1 Redhat | 2 Rhel Software Collections, Thermostat | 2024-11-21 | N/A |
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. |