Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22457 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.
|
|||||
| CVE-2022-22367 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
|
|||||
| CVE-2022-22366 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.
|
|||||
| CVE-2022-22302 | 1 Fortinet | 2 Fortiauthenticator, Fortios | 2024-11-21 | N/A | 5.3 MEDIUM |
|
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.
|
|||||
| CVE-2022-22069 | 1 Qualcomm | 174 Aqt1000, Aqt1000 Firmware, Qca6390 and 171 more | 2024-11-21 | N/A | 7.7 HIGH |
|
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
|
|||||
| CVE-2022-22031 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-21818 | 1 Nvidia | 1 License System | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity.
|
|||||
| CVE-2022-20660 | 1 Cisco | 40 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 37 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from ...
|
|||||
| CVE-2022-20219 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-224585613
|
|||||
| CVE-2022-0835 | 1 Aveva | 1 System Platform | 2024-11-21 | 1.9 LOW | 8.1 HIGH |
|
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.
|
|||||
| CVE-2021-45491 | 1 3cx | 1 3cx | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
3CX System through 2022-03-17 stores cleartext passwords in a database.
|
|||||
| CVE-2021-45077 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
|
|||||
| CVE-2021-45025 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ASG Technologies (a Rocket Software company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.
|
|||||
| CVE-2021-43590 | 1 Dell | 1 Enterprise Storage Analytics | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
|
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
|
|||||
| CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.
|
|||||
| CVE-2021-42763 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request.
|
|||||
| CVE-2021-42642 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer.
|
|||||
| CVE-2021-42370 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
|
|||||
| CVE-2021-42066 | 1 Sap | 1 Business One | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM |
|
SAP Business One - version 10.0, allows an admin user to view the DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover the vulnerable function, in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.
|
|||||
| CVE-2021-41639 | 1 Melag | 1 Ftp Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file.
|
|||||
| CVE-2021-41302 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
|
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.
|
|||||
| CVE-2021-41090 | 1 Grafana | 1 Agent | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone bei ...
|
|||||
| CVE-2021-40527 | 1 Onepeloton | 1 Peloton | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.
|
|||||
| CVE-2021-40454 | 1 Microsoft | 11 365 Apps, Office, Windows 10 and 8 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Rich Text Edit Control Information Disclosure Vulnerability
|
|||||
| CVE-2021-40363 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected componen ...
|
|||||
| CVE-2021-40087 | 1 Primekey | 1 Ejbca | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.
|
|||||
| CVE-2021-3585 | 1 Openstack | 1 Tripleo Heat Templates | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
|
|||||
| CVE-2021-3551 | 4 Dogtagpki, Fedoraproject, Oracle and 1 more | 12 Dogtagpki, Fedora, Linux and 9 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
|
|||||
| CVE-2021-3473 | 1 Lenovo | 38 Thinkagile Hx1320, Thinkagile Hx2320, Thinkagile Hx3320 and 35 more | 2024-11-21 | 4.0 MEDIUM | 4.5 MEDIUM |
|
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. ...
|
|||||
| CVE-2021-39078 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.
|
|||||
| CVE-2021-39009 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | N/A | 5.5 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.
|
|||||
| CVE-2021-38949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
|
|||||
| CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.
|
|||||
| CVE-2021-38911 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.
|
|||||
| CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
|
|||||
| CVE-2021-37842 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
|
|||||
| CVE-2021-37548 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
|
|||||
| CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
|
|||||
| CVE-2021-37452 | 1 Nch | 1 Quorum | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
|
|||||
| CVE-2021-37157 | 1 Opengamepanel | 1 Opengamepanel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.
|
|||||