Total: 511 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | |||||
CVE-2021-31539 | 1 Wowza | 1 Streaming Engine | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords. | |||||
CVE-2021-31855 | 1 Kde | 1 Messagelib | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp. | |||||
CVE-2021-31989 | 1 Axis | 1 Device Manager | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
CVE-2021-29683 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. | |||||
CVE-2021-25644 | 1 Couchbase | 1 Couchbase Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators. | |||||
CVE-2021-29950 | 1 Mozilla | 1 Thunderbird | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. | |||||
CVE-2021-20995 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | |||||
CVE-2021-36158 | 1 Alpinelinux | 1 Aports | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. | |||||
CVE-2021-31791 | 1 Sentrysoftware | 1 Hardware Sentry Km For Bmc Patrol | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. | |||||
CVE-2021-33323 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user. | |||||
CVE-2021-28858 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. An attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | |||||
CVE-2020-4944 | 1 Ibm | 1 Urbancode Deploy | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. | |||||
CVE-2021-37548 | 1 Jetbrains | 1 Teamcity | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. | |||||
CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2024-02-04 | 2.1 LOW | 3.3 LOW |
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | |||||
CVE-2021-22206 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, which allows other maintainers to view the credentials in plain-text, | |||||
CVE-2021-36096 | 1 Otrs | 1 Otrs | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | |||||
CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299. | |||||
CVE-2021-29954 | 1 Mozilla | 1 Hubs Cloud Reticulum | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. | |||||
CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. |