Total
658 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22206 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, | ||||
| CVE-2021-22194 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.7 Medium |
| In all versions of GitLab, marshalled session keys were being stored in Redis. | ||||
| CVE-2021-21734 | 1 Zte | 16 Zxa10 F809, Zxa10 F809 Firmware, Zxa10 F819 and 13 more | 2024-11-21 | 6.5 Medium |
| Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01 | ||||
| CVE-2021-21547 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 6.4 Medium |
| Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | ||||
| CVE-2021-21339 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.9 Medium |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | ||||
| CVE-2021-20995 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-11-21 | 5.3 Medium |
| In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | ||||
| CVE-2021-20827 | 1 Idec | 7 Data File Manager, Microsmart Fc6a, Microsmart Fc6a Firmware and 4 more | 2024-11-21 | 7.5 High |
| Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted. | ||||
| CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 4.4 Medium |
| IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | ||||
| CVE-2021-20408 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 5.5 Medium |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187. | ||||
| CVE-2021-20407 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185. | ||||
| CVE-2021-20358 | 1 Ibm | 1 Cloud Pak For Automation | 2024-11-21 | 6.5 Medium |
| IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965. | ||||
| CVE-2021-20171 | 1 Netgear | 2 Rax43, Rax43 Firmware | 2024-11-21 | 5.5 Medium |
| Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. | ||||
| CVE-2021-20162 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 4.9 Medium |
| Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext. | ||||
| CVE-2021-1865 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.0 Medium |
| An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen. | ||||
| CVE-2021-1265 | 1 Cisco | 1 Dna Center | 2024-11-21 | 6.5 Medium |
| A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices. | ||||
| CVE-2021-0337 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195 | ||||
| CVE-2020-9462 | 1 Homey | 4 Homey, Homey Firmware, Homey Pro and 1 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. | ||||
| CVE-2020-9407 | 1 Iblsoft | 1 Online Weather | 2024-11-21 | 5.3 Medium |
| IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | ||||
| CVE-2020-9045 | 2 Johnsoncontrols, Tyco | 2 C-cure 9000 Firmware, Victor Video Management System | 2024-11-21 | 9.9 Critical |
| During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | ||||
| CVE-2020-8276 | 1 Brave | 1 Brave | 2024-11-21 | 5.5 Medium |
| The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window. | ||||