Total
1109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20597 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. | |||||
| CVE-2021-20445 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621. | |||||
| CVE-2021-20439 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | |||||
| CVE-2021-20434 | 1 Ibm | 1 Security Verify Bridge | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346. | |||||
| CVE-2021-20410 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190. | |||||
| CVE-2021-20389 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770. | |||||
| CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2024-11-21 | N/A | 7.8 HIGH |
| A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-20164 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. | |||||
| CVE-2021-20163 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. | |||||
| CVE-2021-20146 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services. | |||||
| CVE-2021-1731 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| PFX Encryption Security Feature Bypass Vulnerability | |||||
| CVE-2021-1589 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. | |||||
| CVE-2021-1537 | 1 Cisco | 1 Thousandeyes Recorder | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer. | |||||
| CVE-2021-1392 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device. | |||||
| CVE-2021-0220 | 1 Juniper | 1 Junos Space | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. | |||||
| CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-11-21 | 7.2 HIGH | 5.0 MEDIUM |
| An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | |||||
| CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | |||||
| CVE-2020-9476 | 1 Commscope | 2 Arris Tg1692a, Arris Tg1692a Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. | |||||
| CVE-2020-9425 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. | |||||
| CVE-2020-9404 | 1 Pactware | 1 Pactware | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. | |||||