Total: 574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22206 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, | |||||
CVE-2020-22741 | 1 Baidu | 1 Xuperchain | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. | |||||
CVE-2020-4944 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. | |||||
CVE-2020-15384 | 1 Broadcom | 1 Sannav | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. | |||||
CVE-2021-29956 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. | |||||
CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2024-02-28 | 2.1 LOW | 3.3 LOW |
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | |||||
CVE-2021-31581 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | |||||
CVE-2020-4980 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539. | |||||
CVE-2021-22194 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
In all versions of GitLab, marshalled session keys were being stored in Redis. | |||||
CVE-2021-37452 | 1 Nch | 1 Quorum | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | |||||
CVE-2021-20995 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | |||||
CVE-2021-29954 | 1 Mozilla | 1 Hubs Cloud Reticulum | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. | |||||
CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. | |||||
CVE-2021-21734 | 1 Zte | 16 Zxa10 F809, Zxa10 F809 Firmware, Zxa10 F819 and 13 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputting command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01 | |||||
CVE-2021-32942 | 1 Aveva | 2 Intouch 2017, Intouch 2020 | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. | |||||
CVE-2021-28858 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | |||||
CVE-2021-36158 | 1 Alpinelinux | 1 Aports | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. | |||||
CVE-2021-31820 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | |||||
CVE-2021-31816 | 1 Octopus | 1 Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | |||||
CVE-2021-31539 | 1 Wowza | 1 Streaming Engine | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords. |