Total
1145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20243 | 1 Apache | 1 Fineract | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629. | |||||
| CVE-2018-1498 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. | |||||
| CVE-2018-1377 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778. | |||||
| CVE-2018-1139 | 3 Canonical, Redhat, Samba | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. | |||||
| CVE-2018-1074 | 2 Ovirt, Redhat | 2 Ovirt, Enterprise Virtualization | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. | |||||
| CVE-2018-19795 | 1 Chipsbank | 1 Umptool | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. | |||||
| CVE-2018-19466 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | |||||
| CVE-2018-19078 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. | |||||
| CVE-2018-18754 | 1 Zyxel | 2 Vmg3312-b10b, Vmg3312-b10b Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | |||||
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | |||||
| CVE-2018-18656 | 1 Purevpn | 1 Purevpn | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. | |||||
| CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 6 Ubuntu Linux, Leap, Requests and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2018-17969 | 1 Samsung | 2 Scx-6545x, Scx-6545x Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | |||||
| CVE-2018-17900 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. | |||||
| CVE-2018-17871 | 1 Verint | 1 Verba Collaboration Compliance And Quality Management Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control. | |||||
| CVE-2018-17613 | 1 Telegram | 1 Telegram Desktop | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | |||||
| CVE-2018-17500 | 1 Envoy | 1 Passport | 2024-11-21 | 2.1 LOW | 2.9 LOW |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2018-17245 | 1 Elastic | 1 Kibana | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. | |||||
| CVE-2018-16987 | 1 Squashtest | 1 Squash Tm | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | |||||
| CVE-2018-16984 | 1 Djangoproject | 1 Django | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. | |||||