Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21547 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2021-05-11 | 2.1 LOW | 6.7 MEDIUM |
| Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2018-19981 | 1 Amazon | 1 Aws Software Development Kit | 2021-05-10 | 9.0 HIGH | 7.2 HIGH |
| Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms). | |||||
| CVE-2021-31791 | 1 Sentrysoftware | 1 Hardware Sentry Km For Bmc Patrol | 2021-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. | |||||
| CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2021-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. | |||||
| CVE-2020-22783 | 1 Etherpad | 1 Etherpad | 2021-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. | |||||
| CVE-2021-3473 | 1 Lenovo | 38 Thinkagile Hx1320, Thinkagile Hx2320, Thinkagile Hx3320 and 35 more | 2021-04-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC. | |||||
| CVE-2020-24577 | 1 Dlink | 2 Dsl-2888a, Dsl-2888a Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI. | |||||
| CVE-2021-25692 | 1 Teradici | 1 Pcoip Connection Manager And Security Gateway | 2021-04-19 | 2.1 LOW | 4.6 MEDIUM |
| Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. | |||||
| CVE-2021-26833 | 1 Timelybills | 1 Timelybills | 2021-04-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted. | |||||
| CVE-2020-11923 | 1 Wizconnected | 1 Wiz | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. | |||||
| CVE-2020-11924 | 1 Wizconnected | 2 Colors A60, Colors A60 Firmware | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. | |||||
| CVE-2021-28937 | 1 Acexy | 2 Wireless-n Wifi Repeater, Wireless-n Wifi Repeater Firmware | 2021-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP. | |||||
| CVE-2020-4884 | 1 Ibm | 1 Urbancode Deploy | 2021-04-01 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908. | |||||
| CVE-2021-21339 | 1 Typo3 | 1 Typo3 | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | |||||
| CVE-2019-17655 | 1 Fortinet | 1 Fortios | 2021-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | |||||
| CVE-2020-25677 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2021-03-04 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-26595 | 1 Rangerstudio | 1 Directus | 2021-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-27549 | 1 Genymobile | 1 Genymotion Desktop | 2021-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen. | |||||
| CVE-2020-36248 | 1 Owncloud | 1 Owncloud | 2021-02-25 | 2.1 LOW | 4.6 MEDIUM |
| The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | |||||
| CVE-2021-27233 | 1 Mutare | 1 Voice | 2021-02-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue. | |||||