Total
574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12731 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | |||||
CVE-2020-22783 | 1 Etherpad | 1 Etherpad | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. | |||||
CVE-2021-33325 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password. | |||||
CVE-2021-27487 | 1 Zoll | 1 Defibrillator Dashboard | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. | |||||
CVE-2021-33323 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user. | |||||
CVE-2021-25644 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators. | |||||
CVE-2021-31855 | 1 Kde | 1 Messagelib | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp. | |||||
CVE-2021-23211 | 1 Gallagher | 1 Command Centre | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3). | |||||
CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | |||||
CVE-2020-23249 | 1 Gigamon | 1 Gigavue-os | 2024-02-28 | 4.0 MEDIUM | 4.7 MEDIUM |
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. | |||||
CVE-2021-23878 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 4.3 MEDIUM | 5.0 MEDIUM |
Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine | |||||
CVE-2020-29501 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2021-27210 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | |||||
CVE-2019-4738 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. | |||||
CVE-2021-0337 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195 | |||||
CVE-2021-1265 | 1 Cisco | 1 Dna Center | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices. | |||||
CVE-2020-4843 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048. | |||||
CVE-2020-36248 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | |||||
CVE-2021-27233 | 1 Mutare | 1 Voice | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue. | |||||
CVE-2020-5018 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. |