Total
1145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42445 | 1 Hcltechsw | 1 Hcl Launch | 2025-04-25 | N/A | 4.9 MEDIUM |
| HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. | |||||
| CVE-2024-42457 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-24 | N/A | 6.5 MEDIUM |
| A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. | |||||
| CVE-2022-43442 | 1 Fsi | 2 Fs040u, Fs040u Firmware | 2025-04-24 | N/A | 4.6 MEDIUM |
| Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console. | |||||
| CVE-2025-32963 | 2025-04-23 | N/A | N/A | ||
| MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0. | |||||
| CVE-2017-13998 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2025-04-20 | 6.0 MEDIUM | 7.5 HIGH |
| An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. | |||||
| CVE-2017-7315 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | |||||
| CVE-2017-8225 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI. | |||||
| CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | |||||
| CVE-2017-1337 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. | |||||
| CVE-2017-15272 | 1 Psftp | 1 Psftpd | 2025-04-20 | 2.1 LOW | 5.3 MEDIUM |
| The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password. | |||||
| CVE-2017-6528 | 1 Dnatools | 1 Dnalims | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file). | |||||
| CVE-2017-7524 | 1 Tpm2-tools Project | 1 Tpm2.0-tools | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | |||||
| CVE-2017-6709 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. | |||||
| CVE-2017-6028 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. | |||||
| CVE-2017-1378 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. | |||||
| CVE-2017-5700 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2025-04-20 | 7.2 HIGH | 8.4 HIGH |
| Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | |||||
| CVE-2017-8371 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-04-20 | 4.0 MEDIUM | 6.8 MEDIUM |
| Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-17106 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | |||||
| CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | |||||
| CVE-2017-8222 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. | |||||