Total: 1286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-20400 | 1 Ubeeinteractive | 4 Dvw2108, Dvw2108 Firmware, Dvw2110 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20399 | 1 Motorola | 6 Sbg901, Sbg901 Firmware, Sbg941 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20397 | 1 Mplustec | 2 Cbc383z, Cbc383z Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20396 | 1 Telaum | 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20395 | 1 Net-wave | 2 Ming6200, Ming6200 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20394 | 1 Technicolor | 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20392 | 1 Cisco | 2 Dpc2100, Dpc2100 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20391 | 1 Teknotel | 2 Cbw700n, Cbw700n Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20390 | 1 Kaonmedia | 6 Cg2001-an22a, Cg2001-an22a Firmware, Cg2001-udbna and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20389 | 2 D-link, Dlink | 4 Dcm-604 Firmware, Dcm-704 Firmware, Dcm-604 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20388 | 1 Comtrend | 4 Cm-6200un, Cm-6200un Firmware, Cm-6300n and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20387 | 1 Bnmux | 6 Bcw700j, Bcw700j Firmware, Bcw710j and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20386 | 1 Commscope | 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20385 | 1 Castlenet | 8 Cbv38z4ec, Cbv38z4ec Firmware, Cbv38z4ecnit and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20384 | 1 Inovobb | 4 Ib-8120-w21, Ib-8120-w21 Firmware, Ib-8120-w21e1 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20383 | 2 Arris, Commscope | 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20382 | 1 Jezetek-intl | 2 Bcm93383wrg, Bcm93383wrg Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. |
| CVE-2018-20243 | 1 Apache | 1 Fineract | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629. |
| CVE-2018-1498 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM | IBM Security Guardium EcoSystem 10.5 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 141223. |
| CVE-2018-1377 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 2.1 LOW | 7.8 HIGH | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 137778. |
| CVE-2018-1139 | 3 Canonical, Redhat, Samba | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH | A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. |
| CVE-2018-1075 | 1 Ovirt | 1 Ovirt | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM | ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. |
| CVE-2018-1074 | 2 Ovirt, Redhat | 2 Ovirt, Enterprise Virtualization | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH | ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. |
| CVE-2018-19795 | 1 Chipsbank | 1 Umptool | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM | ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. |
| CVE-2018-19466 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. |
| CVE-2018-19078 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. |
| CVE-2018-18754 | 1 Zyxel | 2 Vmg3312-b10b, Vmg3312-b10b Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. |
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. |
| CVE-2018-18656 | 1 Purevpn | 1 Purevpn | 2024-11-21 | 2.1 LOW | 7.8 HIGH | The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. |
| CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 6 Ubuntu Linux, Leap, Requests and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. |
| CVE-2018-17969 | 1 Samsung | 2 Scx-6545x, Scx-6545x Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allow remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. |
| CVE-2018-17922 | 1 Circontrol | 2 Circarlife, Circarlife Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | In Circontrol CirCarLife, all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. |
| CVE-2018-17900 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | In Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior, the web application improperly protects credentials, which could allow an attacker to obtain credentials for remote access to controllers. |
| CVE-2018-17871 | 1 Verint | 1 Verba Collaboration Compliance And Quality Management Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control. |
| CVE-2018-17613 | 1 Telegram | 1 Telegram Desktop | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. |
| CVE-2018-17500 | 1 Envoy | 1 Passport | 2024-11-21 | 2.1 LOW | 2.9 LOW | Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. |
| CVE-2018-17245 | 1 Elastic | 1 Kibana | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. |
| CVE-2018-16987 | 1 Squashtest | 1 Squash Tm | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH | Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. |
| CVE-2018-16984 | 1 Djangoproject | 1 Django | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. |