Total
511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45077 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. | |||||
| CVE-2021-20827 | 1 Idec | 7 Data File Manager, Microsmart Fc6a, Microsmart Fc6a Firmware and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted. | |||||
| CVE-2020-10053 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. | |||||
| CVE-2021-41302 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.3 HIGH |
| ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. | |||||
| CVE-2021-25502 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. | |||||
| CVE-2021-37842 | 1 Couchbase | 1 Couchbase Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it. | |||||
| CVE-2021-1865 | 1 Apple | 2 Ipados, Iphone Os | 2024-02-04 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen. | |||||
| CVE-2021-36165 | 1 Riconmobile | 2 S9922l, S9922l Firmware | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. | |||||
| CVE-2020-19137 | 1 Autumn Project | 1 Autumn | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". | |||||
| CVE-2021-33716 | 1 Siemens | 4 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware, Simatic Cp 1545-1 and 1 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. | |||||
| CVE-2021-29904 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. | |||||
| CVE-2021-29786 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. | |||||
| CVE-2021-38150 | 1 Sap | 1 Business Client | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. | |||||
| CVE-2021-37157 | 1 Opengamepanel | 1 Opengamepanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext. | |||||
| CVE-2021-40454 | 1 Microsoft | 11 365 Apps, Office, Windows 10 and 8 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Rich Text Edit Control Information Disclosure Vulnerability | |||||
| CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | |||||
| CVE-2021-42370 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.) | |||||
| CVE-2021-34544 | 1 Bkw | 2 Solar-log 500, Solar-log 500 Firmware | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2021-42066 | 1 Sap | 1 Business One | 2024-02-04 | 3.5 LOW | 4.4 MEDIUM |
| SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application. | |||||
| CVE-2022-22789 | 1 Charactell | 1 Formstorm | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file. | |||||