Total: 1129 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2024-11-21 | 7.8 High |
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-20228 | 2 Debian, Redhat | 6 Debian Linux, Ansible Automation Platform, Ansible Engine and 3 more | 2024-11-21 | 7.5 High |
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. | ||||
CVE-2021-20164 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 4.9 Medium |
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. | ||||
CVE-2021-20163 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 4.9 Medium |
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. | ||||
CVE-2021-20146 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 9.8 Critical |
An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the ssh key could be used to log in to the development server hosted in Amazon Web Services. | ||||
CVE-2021-1731 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 5.5 Medium |
PFX Encryption Security Feature Bypass Vulnerability | ||||
CVE-2021-1589 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 6.5 Medium |
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. | ||||
CVE-2021-1537 | 1 Cisco | 1 Thousandeyes Recorder | 2024-11-21 | 6.2 Medium |
A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer. | ||||
CVE-2021-1392 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | 7.8 High |
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device. | ||||
CVE-2021-0220 | 1 Juniper | 1 Junos Space | 2024-11-21 | 6.8 Medium |
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. | ||||
CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-11-21 | 5 Medium |
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | ||||
CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-11-21 | 8.1 High |
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | ||||
CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 8.8 High |
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all versions prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | ||||
CVE-2020-9404 | 1 Pactware | 1 Pactware | 2024-11-21 | 7.1 High |
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. | ||||
CVE-2020-9403 | 1 Pactware | 1 Pactware | 2024-11-21 | 5.5 Medium |
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. | ||||
CVE-2020-9324 | 1 Aquaforest | 1 Tiff Server | 2024-11-21 | 7.5 High |
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC. | ||||
CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2024-11-21 | 8.8 High |
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | ||||
CVE-2020-8339 | 1 Ibm | 2 Bladecenter Advanced Management Module, Bladecenter Advanced Management Module Firmware | 2024-11-21 | 4.3 Medium |
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself. | ||||
CVE-2020-8259 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | ||||
CVE-2020-8210 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 7.5 High |
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. |