Total
985 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | |||||
CVE-2021-40476 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-02-28 | 6.8 MEDIUM | 7.5 HIGH |
Windows AppContainer Elevation Of Privilege Vulnerability | |||||
CVE-2021-43332 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. | |||||
CVE-2020-27413 | 1 Mahadiscom | 1 Mahavitaran | 2024-02-28 | 1.9 LOW | 4.2 MEDIUM |
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application. | |||||
CVE-2021-28499 | 1 Arista | 2 7130, Metamako Operating System | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train | |||||
CVE-2021-3179 | 1 Gglocker Project | 1 Gglocker | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. | |||||
CVE-2021-41297 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. | |||||
CVE-2021-36317 | 1 Dell | 2 Emc Avamar Server, Emc Powerprotect Data Protection Appliance | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2022-0184 | 1 Kingjim | 7 Sma3, Spc10, Spc10 Firmware and 4 more | 2024-02-28 | 3.3 LOW | 4.3 MEDIUM |
Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. | |||||
CVE-2021-37400 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | |||||
CVE-2021-40857 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | |||||
CVE-2022-20621 | 1 Jenkins | 1 Metrics | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-23117 | 1 Jenkins | 1 Conjur Secrets | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | |||||
CVE-2021-41023 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files | |||||
CVE-2022-23223 | 1 Apache | 1 Shenyu | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later. | |||||
CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | |||||
CVE-2021-38165 | 3 Debian, Fedoraproject, Lynx Project | 3 Debian Linux, Fedora, Lynx | 2024-02-28 | 2.6 LOW | 5.3 MEDIUM |
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | |||||
CVE-2021-34700 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system. | |||||
CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
CVE-2020-24396 | 1 Hom.ee | 2 Brain Cube, Brain Cube Core | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy. |