ReportizFlow
Filtered by vendor
Subscriptions
Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3663 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 9.8 Critical |
| Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details | ||||
| CVE-2019-3431 | 1 Zte | 1 Zxcloud Goldendata Vap | 2024-11-21 | 9.8 Critical |
| All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access. | ||||
| CVE-2019-2949 | 7 Canonical, Debian, Mcafee and 4 more | 17 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 14 more | 2024-11-21 | 6.8 Medium |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2019-25030 | 1 Versa-networks | 3 Versa Analytics, Versa Director, Versa Operating System | 2024-11-21 | 5.5 Medium |
| In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible. | ||||
| CVE-2019-20047 | 1 Al-enterprise | 2 Omnivista 4760, Omnivista 8770 | 2024-11-21 | 7.5 High |
| An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>. | ||||
| CVE-2019-1384 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.9 Critical |
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | ||||
| CVE-2019-19898 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.5 High |
| In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. | ||||
| CVE-2019-19890 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. | ||||
| CVE-2019-19843 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 9.8 Critical |
| Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | ||||
| CVE-2019-19823 | 11 Ciktel, Coship, Fg-products and 8 more | 36 Mesh Router, Mesh Router Firmware, Emta Ap and 33 more | 2024-11-21 | 7.5 High |
| A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. | ||||
| CVE-2019-19696 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 5.5 Medium |
| A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. | ||||
| CVE-2019-19687 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | 8.8 High |
| OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) | ||||
| CVE-2019-19539 | 1 Hp | 3 Web Viewpoint T0320, Web Viewpoint T0952, Web Viewpoint T0986 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. | ||||
| CVE-2019-19310 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 Medium |
| GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | ||||
| CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 7.5 High |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | ||||
| CVE-2019-19119 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 5.5 Medium |
| An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | ||||
| CVE-2019-19105 | 2 Abb, Busch-jaeger | 4 Tg\/s3.2, Tg\/s3.2 Firmware, 6186\/11 and 1 more | 2024-11-21 | 6.2 Medium |
| The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | ||||
| CVE-2019-19096 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.1 Medium |
| The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. | ||||
| CVE-2019-18868 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 9.8 Critical |
| Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | ||||
| CVE-2019-18785 | 1 Suitecrm | 1 Suitecrm | 2024-11-21 | 7.5 High |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. | ||||