Total
1286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39045 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | N/A | 5.5 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
|
|||||
| CVE-2021-38976 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.
|
|||||
| CVE-2021-38938 | 1 Ibm | 1 Host Access Transformation Services | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989.
|
|||||
| CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.
|
|||||
| CVE-2021-38165 | 3 Debian, Fedoraproject, Lynx Project | 3 Debian Linux, Fedora, Lynx | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
|
|||||
| CVE-2021-37401 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
|
|||||
| CVE-2021-37400 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
|
|||||
| CVE-2021-37187 | 1 Digi | 17 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 14 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.
|
|||||
| CVE-2021-36783 | 1 Suse | 1 Rancher | 2024-11-21 | N/A | 9.9 CRITICAL |
|
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
|
|||||
| CVE-2021-36382 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 4.3 MEDIUM | 2.6 LOW |
|
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
|
|||||
| CVE-2021-36318 | 1 Dell | 1 Emc Avamar Server | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
|
|||||
| CVE-2021-36317 | 1 Dell | 2 Emc Avamar Server, Emc Powerprotect Data Protection Appliance | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
|
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
|
|||||
| CVE-2021-36309 | 1 Dell | 1 Enterprise Sonic Os | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
|
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
|
|||||
| CVE-2021-36204 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | N/A | 7.8 HIGH |
|
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
|
|||||
| CVE-2021-36178 | 1 Fortinet | 1 Fortisdnconnector | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.
|
|||||
| CVE-2021-36170 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 2.1 LOW | 3.2 LOW |
|
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
|
|||||
| CVE-2021-35965 | 1 Learningdigital | 1 Orca Hcm | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
|
|||||
| CVE-2021-35529 | 1 Hitachienergy | 2 Counterparty Settlement And Billing, Retail Operations | 2024-11-21 | 6.5 MEDIUM | 7.7 HIGH |
|
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.
|
|||||
| CVE-2021-35527 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.
|
|||||
| CVE-2021-35050 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.
|
|||||
| CVE-2021-34733 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could ...
Show More |
|||||
| CVE-2021-34700 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged a ...
Show More |
|||||
| CVE-2021-34560 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
|
|||||
| CVE-2021-34204 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.
|
|||||
| CVE-2021-34075 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
|
|||||
| CVE-2021-33024 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
|
|||||
| CVE-2021-32978 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.
|
|||||
| CVE-2021-32770 | 1 Gatsbyjs | 1 Gatsby-source-wordpress | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. A patch has been introduced in [email protected] and [email protected] which mitigates the issue by filtering all variables specified in the `auth: { }` section. ...
Show More |
|||||
| CVE-2021-32039 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
|
|||||
| CVE-2021-32003 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2024-11-21 | 2.1 LOW | 8.0 HIGH |
|
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
|
|||||
| CVE-2021-30948 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.
|
|||||
| CVE-2021-30169 | 1 Meritlilin | 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.
|
|||||
| CVE-2021-30168 | 1 Meritlilin | 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.
|
|||||
| CVE-2021-30167 | 1 Meritlilin | 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
|
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.
|
|||||
| CVE-2021-29811 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329.
|
|||||
| CVE-2021-29262 | 1 Apache | 1 Solr | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
|
|||||
| CVE-2021-29255 | 1 Microseven | 2 Mym71080i-b, Mym71080i-b Firmware | 2024-11-21 | 2.9 LOW | 7.5 HIGH |
|
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials.
|
|||||
| CVE-2021-29253 | 1 Rsa | 1 Archer | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
|
The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.
|
|||||
| CVE-2021-28857 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
|
|||||
| CVE-2021-28813 | 1 Qnap | 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.6 CRITICAL |
|
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: Q ...
Show More |
|||||