ReportizFlow
Filtered by vendor
Subscriptions
Total
1128 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40476 | 1 Microsoft | 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more | 2024-11-21 | 7.5 High |
| Windows AppContainer Elevation Of Privilege Vulnerability | ||||
| CVE-2021-40360 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server. | ||||
| CVE-2021-3789 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 4.2 Medium |
| An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. | ||||
| CVE-2021-3681 | 1 Redhat | 2 Ansible Automation Platform, Ansible Galaxy | 2024-11-21 | 5.5 Medium |
| A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets. | ||||
| CVE-2021-3528 | 1 Redhat | 2 Noobaa-operator, Openshift Container Storage | 2024-11-21 | 8.8 High |
| A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration. | ||||
| CVE-2021-3513 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2024-11-21 | 7.5 High |
| A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-3344 | 1 Redhat | 3 Openshift, Openshift Builder, Openshift Container Platform | 2024-11-21 | 8.8 High |
| A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. | ||||
| CVE-2021-3252 | 1 Kaco-newenergy | 2 Xp100u, Xp100u Firmware | 2024-11-21 | 7.5 High |
| KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability. | ||||
| CVE-2021-3179 | 1 Gglocker Project | 1 Gglocker | 2024-11-21 | 5.5 Medium |
| GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. | ||||
| CVE-2021-3141 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.8 High |
| In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. | ||||
| CVE-2021-39373 | 1 Samsung | 2 Drive Manager, H3 | 2024-11-21 | 7.8 High |
| Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. | ||||
| CVE-2021-39342 | 1 Credova | 1 Financial | 2024-11-21 | 5.3 Medium |
| The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | ||||
| CVE-2021-39289 | 1 Netmodule | 16 Nb1600, Nb1601, Nb1800 and 13 more | 2024-11-21 | 7.5 High |
| Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | ||||
| CVE-2021-39046 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 4.9 Medium |
| IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. | ||||
| CVE-2021-39045 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.5 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. | ||||
| CVE-2021-38976 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-11-21 | 5.5 Medium |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781. | ||||
| CVE-2021-38938 | 1 Ibm | 1 Host Access Transformation Services | 2024-11-21 | 6.2 Medium |
| IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989. | ||||
| CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2024-11-21 | 5.5 Medium |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | ||||
| CVE-2021-38165 | 4 Debian, Fedoraproject, Lynx Project and 1 more | 4 Debian Linux, Fedora, Lynx and 1 more | 2024-11-21 | 5.3 Medium |
| Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | ||||
| CVE-2021-37401 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2024-11-21 | 9.8 Critical |
| An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | ||||