Total
1112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18845 | 1 Netgear | 4 R6700, R6700 Firmware, R6800 and 1 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38. | |||||
| CVE-2017-18844 | 1 Netgear | 6 D7000, D7000 Firmware, R6700 and 3 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50. | |||||
| CVE-2017-18843 | 1 Netgear | 6 D7000, D7000 Firmware, R6700 and 3 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50. | |||||
| CVE-2017-18777 | 1 Netgear | 36 D6220, D6220 Firmware, D6400 and 33 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40. | |||||
| CVE-2017-18695 | 1 Google | 1 Android | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017). | |||||
| CVE-2017-17691 | 1 Contronics | 1 Homeputer Cl Studio Fur Homematic | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | |||||
| CVE-2017-16714 | 1 Iceqube | 2 Thermal Management Center, Thermal Management Center Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. | |||||
| CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | |||||
| CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | |||||
| CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
| An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. | |||||
| CVE-2017-11510 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | |||||
| CVE-2017-1000387 | 1 Jenkins | 1 Build-publisher | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | |||||
| CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||||
| CVE-2016-15014 | 1 Cesnet | 1 Theme-cesnet | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability. | |||||
| CVE-2016-11029 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). | |||||
| CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | |||||
| CVE-2014-8938 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | |||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | |||||
| CVE-2014-5381 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Grand MA 300 allows a brute-force attack on the PIN. | |||||
| CVE-2014-5093 | 1 Status2k | 1 Status2k | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Status2k does not remove the install directory allowing credential reset. | |||||