Search
Total
158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45611 | 1 Fresenius-kabi | 2 Pharmahelp, Pharmahelp Firmware | 2024-01-10 | N/A | 9.8 CRITICAL |
| An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | |||||
| CVE-2023-47577 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2023-12-18 | N/A | 9.8 CRITICAL |
| An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. | |||||
| CVE-2023-20965 | 1 Google | 1 Android | 2023-08-24 | N/A | 9.8 CRITICAL |
| In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-36082 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | |||||
| CVE-2021-30116 | 1 Kaseya | 2 Vsa Agent, Vsa Server | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system. | |||||
| CVE-2022-34371 | 1 Dell | 1 Emc Powerscale Onefs | 2023-08-08 | N/A | 9.8 CRITICAL |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | |||||
| CVE-2020-29583 | 1 Zyxel | 30 Usg110, Usg1100, Usg1100 Firmware and 27 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | |||||
| CVE-2020-12061 | 1 Nitrokey | 2 Fido U2f, Fido U2f Firmware | 2022-07-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller. | |||||
| CVE-2020-21994 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | |||||
| CVE-2022-31887 | 1 Marvalglobal | 1 Marval Msm | 2022-07-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password. | |||||
| CVE-2019-10160 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2022-07-05 | 5.0 MEDIUM | 9.8 CRITICAL |
| A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. | |||||
| CVE-2022-2103 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | |||||
| CVE-2022-1715 | 1 Facturascripts | 1 Facturascripts | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. | |||||
| CVE-2022-28005 | 1 3cx | 1 3cx | 2022-05-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\Windows\System32. | |||||
| CVE-2021-22681 | 1 Rockwellautomation | 20 Compact Guardlogix 5370, Compact Guardlogix 5380, Compactlogix 1768 and 17 more | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. | |||||
| CVE-2017-6028 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2022-02-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. | |||||
| CVE-2021-23196 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently. | |||||
| CVE-2021-37400 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | |||||
| CVE-2021-37401 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | |||||
| CVE-2021-20146 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services. | |||||
| CVE-2021-41300 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. | |||||
| CVE-2018-20386 | 1 Commscope | 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware | 2021-09-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20383 | 2 Arris, Commscope | 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more | 2021-09-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-11742 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2021-09-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | |||||
| CVE-2021-20597 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2021-08-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. | |||||
| CVE-2021-35965 | 1 Learningdigital | 1 Orca Hcm | 2021-07-27 | 10.0 HIGH | 9.8 CRITICAL |
| The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
| CVE-2019-5505 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | |||||
| CVE-2019-3431 | 1 Zte | 1 Zxcloud Goldendata Vap | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access. | |||||
| CVE-2019-17393 | 1 Tomedo | 1 Server | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. | |||||
| CVE-2019-18868 | 1 Blaauwproducts | 1 Remote Kiln Control | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | |||||
| CVE-2020-9275 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials. | |||||
| CVE-2020-9023 | 1 Iteris | 2 Vantage Velocity, Vantage Velocity Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password. | |||||
| CVE-2019-15311 | 1 Linkplay | 1 Linkplay | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities. | |||||
| CVE-2019-9095 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. | |||||
| CVE-2020-26101 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | |||||
| CVE-2019-20033 | 1 Nec | 2 Sv8100, Sv8100 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface. | |||||
| CVE-2019-13022 | 1 Jetstream | 1 Jetselect | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers). | |||||
| CVE-2020-25848 | 1 Hgiga | 10 Msr45 Isherlock-antispam, Msr45 Isherlock-audit, Msr45 Isherlock-base and 7 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. | |||||
| CVE-2020-6874 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2021-07-21 | 5.5 MEDIUM | 9.1 CRITICAL |
| A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. | |||||
| CVE-2020-25011 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser. | |||||
| CVE-2020-4567 | 1 Ibm | 1 Security Key Lifecycle Manager | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156. | |||||
| CVE-2020-13859 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature. | |||||
| CVE-2020-13835 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | |||||
| CVE-2020-29058 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests. | |||||
| CVE-2020-26097 | 1 Planet | 4 Nvr-1615, Nvr-1615 Firmware, Nvr-915 and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-26510 | 1 Airleader | 3 Airleader Easy, Airleader Master, Airleader Master Control | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | |||||
| CVE-2020-27555 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2020-13312 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. | |||||
| CVE-2020-28929 | 1 Epson | 2 Eps Tse Server 8, Eps Tse Server 8 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. | |||||
| CVE-2020-26105 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | |||||