Total
1180 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2024-11-21 | 7.5 High |
| system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | ||||
| CVE-2014-8938 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.8 High |
| Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | ||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
| CVE-2014-5381 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-11-21 | 9.8 Critical |
| Grand MA 300 allows a brute-force attack on the PIN. | ||||
| CVE-2014-5093 | 1 Status2k | 1 Status2k | 2024-11-21 | 9.8 Critical |
| Status2k does not remove the install directory allowing credential reset. | ||||
| CVE-2014-4660 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
| Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | ||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | ||||
| CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.5 Medium |
| CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | ||||
| CVE-2014-3445 | 1 Handsomeweb | 1 Sos Webpages | 2024-11-21 | 9.8 Critical |
| backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. | ||||
| CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2024-11-21 | 7.5 High |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | ||||
| CVE-2014-1423 | 2 Signond Project, Ubports | 2 Signond, Ubuntu Touch | 2024-11-21 | 5.9 Medium |
| signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. | ||||
| CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-11-21 | 5.5 Medium |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | ||||
| CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | ||||
| CVE-2013-7052 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | ||||
| CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2024-11-21 | 6.8 Medium |
| LastPass prior to 2.5.1 has an insecure PIN implementation. | ||||
| CVE-2013-4423 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 5.5 Medium |
| CloudForms stores user passwords in recoverable format | ||||
| CVE-2013-3620 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2024-11-21 | 7.5 High |
| Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | ||||
| CVE-2013-3313 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-11-21 | 7.5 High |
| The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311. | ||||
| CVE-2013-2672 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 7.5 High |
| Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | ||||
| CVE-2013-2106 | 2 Debian, Stanford | 2 Debian Linux, Webauth | 2024-11-21 | 7.5 High |
| webauth before 4.6.1 has authentication credential disclosure | ||||