Vulnerabilities (CVE)

Filtered by CWE-312
Total 574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22206 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,
CVE-2020-22741 1 Baidu 1 Xuperchain 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature.
CVE-2020-4944 1 Ibm 1 Urbancode Deploy 2024-02-28 2.1 LOW 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
CVE-2020-15384 1 Broadcom 1 Sannav 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
CVE-2021-29956 1 Mozilla 1 Thunderbird 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.
CVE-2021-37468 1 Nch 1 Reflect Customer Relationship Management 2024-02-28 2.1 LOW 3.3 LOW
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
CVE-2021-31581 1 Akkadianlabs 2 Ova Appliance, Provisioning Manager 2024-02-28 2.1 LOW 4.4 MEDIUM
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
CVE-2020-4980 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-02-28 3.3 LOW 6.5 MEDIUM
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539.
CVE-2021-22194 1 Gitlab 1 Gitlab 2024-02-28 2.1 LOW 4.4 MEDIUM
In all versions of GitLab, marshalled session keys were being stored in Redis.
CVE-2021-37452 1 Nch 1 Quorum 2024-02-28 2.1 LOW 5.5 MEDIUM
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
CVE-2021-20995 1 Wago 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In multiple managed switches by WAGO, in different versions, the webserver cookies of the web-based UI contain user credentials.
CVE-2021-29954 1 Mozilla 1 Hubs Cloud Reticulum 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255.
CVE-2021-25898 1 Void 1 Aural Rec Monitor 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
CVE-2021-21734 1 Zte 16 Zxa10 F809, Zxa10 F809 Firmware, Zxa10 F819 and 13 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputting a command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
CVE-2021-32942 1 Aveva 2 Intouch 2017, Intouch 2020 2024-02-28 2.1 LOW 5.5 MEDIUM
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
CVE-2021-28858 1 Tp-link 2 Tl-wpa4220, Tl-wpa4220 Firmware 2024-02-28 2.1 LOW 5.5 MEDIUM
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. An attacker on the local network can monitor traffic and capture the cookie and other sensitive information.
CVE-2021-36158 1 Alpinelinux 1 Aports 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
CVE-2021-31820 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Octopus Server after version 2018.8.2, if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
CVE-2021-31816 1 Octopus 1 Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
When Octopus Server is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
CVE-2021-31539 1 Wowza 1 Streaming Engine 2024-02-28 2.1 LOW 5.5 MEDIUM
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.