Search
Total
172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31539 | 1 Wowza | 1 Streaming Engine | 2021-12-08 | 2.1 LOW | 5.5 MEDIUM |
| Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords. | |||||
| CVE-2021-38949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-11-17 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. | |||||
| CVE-2020-10053 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2021-11-11 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. | |||||
| CVE-2021-25502 | 1 Google | 1 Android | 2021-11-08 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. | |||||
| CVE-2020-15935 | 1 Fortinet | 1 Fortiadc | 2021-11-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields. | |||||
| CVE-2021-29786 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2021-11-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. | |||||
| CVE-2019-18254 | 1 Biotronik | 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more | 2021-10-29 | 2.1 LOW | 4.6 MEDIUM |
| BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with. | |||||
| CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2021-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
| CVE-2021-38911 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2021-10-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. | |||||
| CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2021-10-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | |||||
| CVE-2020-4944 | 1 Ibm | 1 Urbancode Deploy | 2021-10-18 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. | |||||
| CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | |||||
| CVE-2021-29904 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 2.1 LOW | 5.5 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. | |||||
| CVE-2020-10727 | 2 Apache, Netapp | 2 Activemq Artemis, Oncommand Workflow Automation | 2021-09-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file. | |||||
| CVE-2021-1865 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-16 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen. | |||||
| CVE-2021-22194 | 1 Gitlab | 1 Gitlab | 2021-09-14 | 2.1 LOW | 4.4 MEDIUM |
| In all versions of GitLab, marshalled session keys were being stored in Redis. | |||||
| CVE-2021-36096 | 1 Otrs | 1 Otrs | 2021-09-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | |||||
| CVE-2021-23827 | 4 Apple, Keybase, Microsoft and 1 more | 4 Macos, Keybase, Windows and 1 more | 2021-09-08 | 2.1 LOW | 5.5 MEDIUM |
| Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker. | |||||
| CVE-2021-27204 | 2 Apple, Telegram | 2 Macos, Telegram | 2021-09-08 | 2.1 LOW | 5.5 MEDIUM |
| Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. | |||||
| CVE-2021-27205 | 2 Apple, Telegram | 2 Macos, Telegram | 2021-09-08 | 2.1 LOW | 5.5 MEDIUM |
| Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure. | |||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2021-09-01 | 3.5 LOW | 5.3 MEDIUM |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
| CVE-2021-33325 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password. | |||||
| CVE-2021-31581 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2021-08-04 | 2.1 LOW | 4.4 MEDIUM |
| The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | |||||
| CVE-2020-27557 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. | |||||
| CVE-2020-11821 | 1 Rukovoditel | 1 Rukovoditel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them. | |||||
| CVE-2020-24491 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2021-07-21 | 1.9 LOW | 4.4 MEDIUM |
| Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2021-36158 | 1 Alpinelinux | 1 Aports | 2021-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. | |||||
| CVE-2020-9045 | 2 Johnsoncontrols, Tyco | 2 C-cure 9000 Firmware, Victor Video Management System | 2021-07-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | |||||
| CVE-2021-29956 | 1 Mozilla | 1 Thunderbird | 2021-06-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. | |||||
| CVE-2021-28858 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2021-06-23 | 2.1 LOW | 5.5 MEDIUM |
| TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | |||||
| CVE-2021-27487 | 1 Zoll | 1 Defibrillator Dashboard | 2021-06-22 | 2.1 LOW | 5.5 MEDIUM |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. | |||||
| CVE-2021-23182 | 1 Gallagher | 1 Command Centre | 2021-06-22 | 2.1 LOW | 4.4 MEDIUM |
| Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. | |||||
| CVE-2018-20008 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2021-06-21 | 2.1 LOW | 6.8 MEDIUM |
| iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | |||||
| CVE-2020-15384 | 1 Broadcom | 1 Sannav | 2021-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. | |||||
| CVE-2021-21734 | 1 Zte | 16 Zxa10 F809, Zxa10 F809 Firmware, Zxa10 F819 and 13 more | 2021-06-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01 | |||||
| CVE-2018-16498 | 1 Versa-networks | 1 Versa Director | 2021-06-07 | 2.1 LOW | 5.5 MEDIUM |
| In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores. | |||||
| CVE-2020-25678 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2021-05-28 | 2.1 LOW | 4.4 MEDIUM |
| A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. | |||||
| CVE-2021-25645 | 1 Couchbase | 1 Couchbase Server | 2021-05-24 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past. | |||||
| CVE-2021-29683 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2021-05-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. | |||||
| CVE-2021-22206 | 1 Gitlab | 1 Gitlab | 2021-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, | |||||
| CVE-2021-21547 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2021-05-11 | 2.1 LOW | 6.7 MEDIUM |
| Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2020-22783 | 1 Etherpad | 1 Etherpad | 2021-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. | |||||
| CVE-2021-3473 | 1 Lenovo | 38 Thinkagile Hx1320, Thinkagile Hx2320, Thinkagile Hx3320 and 35 more | 2021-04-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC. | |||||
| CVE-2021-25692 | 1 Teradici | 1 Pcoip Connection Manager And Security Gateway | 2021-04-19 | 2.1 LOW | 4.6 MEDIUM |
| Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. | |||||
| CVE-2021-26833 | 1 Timelybills | 1 Timelybills | 2021-04-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted. | |||||
| CVE-2020-11923 | 1 Wizconnected | 1 Wiz | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. | |||||
| CVE-2020-11924 | 1 Wizconnected | 2 Colors A60, Colors A60 Firmware | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. | |||||
| CVE-2020-4884 | 1 Ibm | 1 Urbancode Deploy | 2021-04-01 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908. | |||||
| CVE-2020-25677 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2021-03-04 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-26595 | 1 Rangerstudio | 1 Directus | 2021-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||