Total: 658 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4189 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 4.3 Medium |
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850. | ||||
CVE-2020-4095 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 6.0 Medium |
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access." | ||||
CVE-2020-3935 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2024-11-21 | 7.5 High |
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers. | ||||
CVE-2020-3921 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2024-11-21 | 8.6 High |
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | ||||
CVE-2020-36473 | 1 Ucweb | 1 Ucweb Uc | 2024-11-21 | 3.7 Low |
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs. | ||||
CVE-2020-35658 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 5.3 Medium |
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | ||||
CVE-2020-35455 | 1 Taidii | 1 Diibear | 2024-11-21 | 7.8 High |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. | ||||
CVE-2020-35454 | 1 Taidii | 1 Diibear | 2024-11-21 | 6.8 Medium |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. | ||||
CVE-2020-2274 | 1 Jenkins | 1 Elastest | 2024-11-21 | 5.5 Medium |
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
CVE-2020-2177 | 1 Jenkins | 1 Copr | 2024-11-21 | 4.3 Medium |
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-11-21 | 5.5 Medium |
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | ||||
CVE-2020-29550 | 1 Urve | 1 Urve | 2024-11-21 | 7.5 High |
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5. | ||||
CVE-2020-29502 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-11-21 | 7.5 High |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
CVE-2020-29501 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-11-21 | 6.4 Medium |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
CVE-2020-29500 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-11-21 | 7.5 High |
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
CVE-2020-29489 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-11-21 | 6.4 Medium |
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user. | ||||
CVE-2020-29324 | 1 Dlink | 2 Dir-895l Mfc, Dir-895l Mfc Firmware | 2024-11-21 | 7.5 High |
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | ||||
CVE-2020-29001 | 1 Merkuryinnovations | 8 Geeni Gnc-cw025, Geeni Gnc-cw025 Firmware, Geeni Gnc-cw028 and 5 more | 2024-11-21 | 7.2 High |
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application. | ||||
CVE-2020-28917 | 1 View Frontend Statistics Project | 1 View Frontend Statistics | 2024-11-21 | 6.5 Medium |
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved. | ||||
CVE-2020-27986 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 7.5 High |
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it. |