Total
574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3473 | 1 Lenovo | 38 Thinkagile Hx1320, Thinkagile Hx2320, Thinkagile Hx3320 and 35 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC. | |||||
CVE-2021-30183 | 1 Octopus | 1 Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. | |||||
CVE-2021-23182 | 1 Gallagher | 1 Command Centre | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. | |||||
CVE-2021-29481 | 1 Ratpack Project | 1 Ratpack | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation. | |||||
CVE-2021-29683 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. | |||||
CVE-2018-16498 | 1 Versa-networks | 1 Versa Director | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores. | |||||
CVE-2021-31817 | 1 Octopus | 1 Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | |||||
CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | |||||
CVE-2021-30997 | 1 Apple | 2 Ipados, Iphone Os | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail. | |||||
CVE-2021-40087 | 1 Primekey | 1 Ejbca | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST. | |||||
CVE-2021-21547 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
CVE-2020-18759 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100. | |||||
CVE-2020-29324 | 1 Dlink | 2 Dir-895l Mfc, Dir-895l Mfc Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
CVE-2021-28937 | 1 Acexy | 2 Wireless-n Wifi Repeater, Wireless-n Wifi Repeater Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP. | |||||
CVE-2020-4884 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908. | |||||
CVE-2021-36096 | 1 Otrs | 1 Otrs | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | |||||
CVE-2021-29950 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. | |||||
CVE-2021-25692 | 1 Teradici | 1 Pcoip Connection Manager And Security Gateway | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. | |||||
CVE-2021-37548 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. | |||||
CVE-2021-31791 | 1 Sentrysoftware | 1 Hardware Sentry Km For Bmc Patrol | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. |