Total
577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29683 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. | |||||
| CVE-2021-29481 | 1 Ratpack Project | 1 Ratpack | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation. | |||||
| CVE-2021-28937 | 1 Acexy | 2 Wireless-n Wifi Repeater, Wireless-n Wifi Repeater Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP. | |||||
| CVE-2021-28858 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | |||||
| CVE-2021-27757 | 1 Hcltech | 1 Bigfix Insights | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| " Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information." | |||||
| CVE-2021-27549 | 1 Genymobile | 1 Genymotion Desktop | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen | |||||
| CVE-2021-27487 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. | |||||
| CVE-2021-27233 | 1 Mutare | 1 Voice | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue. | |||||
| CVE-2021-27210 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | |||||
| CVE-2021-27205 | 2 Apple, Telegram | 2 Macos, Telegram | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure. | |||||
| CVE-2021-27204 | 2 Apple, Telegram | 2 Macos, Telegram | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. | |||||
| CVE-2021-27178 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. | |||||
| CVE-2021-27176 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27175 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27174 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27140 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. | |||||
| CVE-2021-26595 | 1 Rangerstudio | 1 Directus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-26550 | 1 Smartfoxserver | 1 Smartfoxserver | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml. | |||||
| CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. | |||||
| CVE-2021-25692 | 1 Teradici | 1 Pcoip Connection Manager And Security Gateway | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. | |||||