ReportizFlow
Filtered by vendor
Subscriptions
Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 8.8 High |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-14930 | 1 Bt Ctroms Terminal Project | 1 Bt Ctroms Terminal | 2024-11-21 | 8.1 High |
| An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. | ||||
| CVE-2020-14489 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.2 Medium |
| OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. | ||||
| CVE-2020-14391 | 2 Gnome, Redhat | 6 Control Center, Enterprise Linux, Enterprise Linux Aus and 3 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-14334 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 8.8 High |
| A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. | ||||
| CVE-2020-13915 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 7.5 High |
| Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | ||||
| CVE-2020-13344 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.7 Medium |
| An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis | ||||
| CVE-2020-12333 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | 7.8 High |
| Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12316 | 1 Intel | 1 Endpoint Management Assistant | 2024-11-21 | 5.5 Medium |
| Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2020-12309 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2024-11-21 | 4.6 Medium |
| Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | ||||
| CVE-2020-12273 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 High |
| In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | ||||
| CVE-2020-12061 | 1 Nitrokey | 2 Fido U2f, Fido U2f Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller. | ||||
| CVE-2020-11925 | 1 Luvion | 2 Grand Elite 3 Connect, Grand Elite 3 Connect Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. | ||||
| CVE-2020-11821 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.3 Medium |
| In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them. | ||||
| CVE-2020-11694 | 2 Jetbrains, Microsoft | 2 Pycharm, Windows | 2024-11-21 | 7.5 High |
| In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. | ||||
| CVE-2020-11681 | 1 Castel | 2 Nextgen Dvr, Nextgen Dvr Firmware | 2024-11-21 | 8.1 High |
| Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials. | ||||
| CVE-2020-11629 | 1 Primekey | 1 Ejbca | 2024-11-21 | 7.2 High |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.) | ||||
| CVE-2020-11560 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 7.8 High |
| NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. | ||||
| CVE-2020-11557 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 7.5 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. | ||||
| CVE-2020-11555 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 7.5 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. | ||||