Total
1012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12038 | 1 Samsung | 2 840 Evo, 840 Evo Firmware | 2020-08-24 | 1.9 LOW | 4.2 MEDIUM |
| An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. | |||||
| CVE-2019-13400 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | |||||
| CVE-2019-9657 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. | |||||
| CVE-2019-11367 | 1 Auo | 1 Solar Data Recorder | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully. | |||||
| CVE-2018-18656 | 1 Purevpn | 1 Purevpn | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. | |||||
| CVE-2019-9867 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | 4.0 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | |||||
| CVE-2019-0120 | 1 Intel | 56 Atom 230, Atom 230 Firmware, Atom 330 and 53 more | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-13349 | 1 Knowage-suite | 1 Knowage | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | |||||
| CVE-2018-1000851 | 1 Copay | 1 Copay Bitcoin Wallet | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later . | |||||
| CVE-2019-13054 | 1 Logitech | 2 R500, R500 Firmware | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z. | |||||
| CVE-2018-1000425 | 1 Sonarsource | 1 Sonarqube Scanner | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. | |||||
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | |||||
| CVE-2019-14709 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | |||||
| CVE-2019-7260 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | |||||
| CVE-2019-11350 | 1 Cloudbees | 1 Jenkins Operations Center | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. | |||||
| CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2020-08-24 | 4.0 MEDIUM | 7.2 HIGH |
| In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | |||||
| CVE-2019-10630 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | |||||
| CVE-2019-8932 | 1 Rdbrck | 1 Shift | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2019-4138 | 1 Ibm | 1 Spectrum Control | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334. | |||||
| CVE-2019-1384 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 6.5 MEDIUM | 9.9 CRITICAL |
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | |||||