ReportizFlow
Filtered by vendor
Subscriptions
Total
627 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 5.5 Medium |
| IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. | ||||
| CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 6.5 Medium |
| IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | ||||
| CVE-2021-38911 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-11-21 | 4.9 Medium |
| IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. | ||||
| CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | ||||
| CVE-2021-37842 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
| metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it. | ||||
| CVE-2021-37548 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. | ||||
| CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2024-11-21 | 3.3 Low |
| NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | ||||
| CVE-2021-37452 | 1 Nch | 1 Quorum | 2024-11-21 | 5.5 Medium |
| NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | ||||
| CVE-2021-37157 | 1 Opengamepanel | 1 Opengamepanel | 2024-11-21 | 8.8 High |
| An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext. | ||||
| CVE-2021-36782 | 1 Suse | 1 Rancher | 2024-11-21 | 9.9 Critical |
| A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. | ||||
| CVE-2021-36165 | 1 Riconmobile | 2 S9922l, S9922l Firmware | 2024-11-21 | 5.3 Medium |
| RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. | ||||
| CVE-2021-36158 | 1 Alpinelinux | 1 Aports | 2024-11-21 | 5.9 Medium |
| In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. | ||||
| CVE-2021-36096 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.2 Medium |
| Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | ||||
| CVE-2021-35526 | 2 Hitachiabb-powergrids, Hitachienergy | 2 Sdm600 Firmware, Sdm600 | 2024-11-21 | 6.3 Medium |
| Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). | ||||
| CVE-2021-35036 | 1 Zyxel | 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more | 2024-11-21 | 6.5 Medium |
| A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. | ||||
| CVE-2021-35035 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2024-11-21 | 4.9 Medium |
| A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. | ||||
| CVE-2021-34544 | 1 Bkw | 2 Solar-log 500, Solar-log 500 Firmware | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base. | ||||
| CVE-2021-33716 | 1 Siemens | 4 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware, Simatic Cp 1545-1 and 1 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. | ||||
| CVE-2021-33325 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.9 Medium |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password. | ||||
| CVE-2021-33323 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 7.5 High |
| The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user. | ||||