Total
985 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39373 | 1 Samsung | 2 Drive Manager, H3 | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. | |||||
| CVE-2019-4724 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. | |||||
| CVE-2021-28857 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | |||||
| CVE-2020-27839 | 1 Redhat | 1 Ceph | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-20997 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | |||||
| CVE-2021-36382 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | |||||
| CVE-2021-29253 | 1 Rsa | 1 Archer | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks. | |||||
| CVE-2021-21591 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2020-29323 | 1 Dlink | 2 Dir-885l-mfc, Dir-885l-mfc Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2020-12061 | 1 Nitrokey | 2 Fido U2f, Fido U2f Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller. | |||||
| CVE-2021-34560 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. | |||||
| CVE-2020-27831 | 1 Redhat | 1 Quay | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications. | |||||
| CVE-2021-22781 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. | |||||
| CVE-2021-27491 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process. | |||||
| CVE-2021-29255 | 1 Microseven | 2 Mym71080i-b, Mym71080i-b Firmware | 2024-02-28 | 2.9 LOW | 7.5 HIGH |
| MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials. | |||||
| CVE-2019-4723 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. | |||||
| CVE-2020-5315 | 1 Dell | 1 Emc Repository Manager | 2024-02-28 | 2.1 LOW | 8.8 HIGH |
| Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user. | |||||
| CVE-2021-22780 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file. | |||||
| CVE-2021-27495 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
| Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint. | |||||
| CVE-2021-32770 | 1 Gatsbyjs | 1 Gatsby-source-wordpress | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. A patch has been introduced in gatsby-source-wordpress@4.0.8 and gatsby-source-wordpress@5.9.2 which mitigates the issue by filtering all variables specified in the `auth: { }` section. Users that depend on this functionality are advised to upgrade to the latest release of gatsby-source-wordpress, run `gatsby clean` followed by a `gatsby build`. One may manually edit the app.js file post-build as a workaround. | |||||