Total
511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27175 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions. | |||||
CVE-2021-27178 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. | |||||
CVE-2018-19941 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later); QuTScloud c4.5.2.1379 build 20200730 (and later). | |||||
CVE-2020-29001 | 1 Merkuryinnovations | 8 Geeni Gnc-cw025, Geeni Gnc-cw025 Firmware, Geeni Gnc-cw028 and 5 more | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application. | |||||
CVE-2020-25677 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. | |||||
CVE-2021-0337 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-157474195 | |||||
CVE-2020-4369 | 1 Ibm | 1 Verify Gateway | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. | |||||
CVE-2020-14017 | 1 Naviwebs | 1 Navigate Cms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session. | |||||
CVE-2020-15784 | 1 Siemens | 1 Spectrum Power 4 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. | |||||
CVE-2020-13637 | 1 Heinekingmedia | 1 Stashcat | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to log in to the system from any other computer, and get unlimited access to all data in the user's context. | |||||
CVE-2020-7513 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | |||||
CVE-2020-7517 | 1 Schneider-electric | 1 Easergy Builder | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. | |||||
CVE-2020-10273 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data. | |||||
CVE-2020-17495 | 1 Django-celery-results Project | 1 Django-celery-results | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. | |||||
CVE-2020-7516 | 1 Schneider-electric | 1 Easergy Builder | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | |||||
CVE-2020-5723 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. | |||||
CVE-2020-9045 | 2 Johnsoncontrols, Tyco | 2 C-cure 9000 Firmware, Victor Video Management System | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | |||||
CVE-2020-15105 | 1 Django Two-factor Authentication Project | 1 Django Two-factor Authentication | 2024-02-04 | 3.6 LOW | 5.4 MEDIUM |
Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. As a workaround, switching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading. | |||||
CVE-2020-15484 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. | |||||
CVE-2020-10532 | 1 Watchguard | 1 Ad Helper Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. |