Filtered by CWE-312
Total 570 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-36248 1 Owncloud 1 Owncloud 2024-08-04 3.9 Low
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
CVE-2020-27986 1 Sonarsource 1 Sonarqube 2024-08-04 7.5 High
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
CVE-2020-35658 1 Titanhq 1 Spamtitan 2024-08-04 5.3 Medium
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
CVE-2020-35455 1 Taidii 1 Diibear 2024-08-04 7.8 High
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.
CVE-2020-35454 1 Taidii 1 Diibear 2024-08-04 6.8 Medium
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.
CVE-2020-29550 1 Urve 1 Urve 2024-08-04 7.5 High
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5.
CVE-2020-29324 1 Dlink 2 Dir-895l Mfc, Dir-895l Mfc Firmware 2024-08-04 7.5 High
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
CVE-2020-29001 1 Merkuryinnovations 8 Geeni Gnc-cw025, Geeni Gnc-cw025 Firmware, Geeni Gnc-cw028 and 5 more 2024-08-04 7.2 High
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.
CVE-2020-28917 1 View Frontend Statistics Project 1 View Frontend Statistics 2024-08-04 6.5 Medium
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.
CVE-2020-27613 1 Bigbluebutton 1 Bigbluebutton 2024-08-04 8.4 High
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
CVE-2020-26816 1 Sap 1 Netweaver Application Server Java 2024-08-04 4.5 Medium
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.
CVE-2020-26551 1 Aviatrix 1 Controller 2024-08-04 7.5 High
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.
CVE-2020-26288 1 Parseplatform 1 Parse-server 2024-08-04 7.7 High
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.
CVE-2020-26228 1 Typo3 1 Typo3 2024-08-04 8.1 High
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
CVE-2020-25678 2 Fedoraproject, Redhat 3 Fedora, Ceph, Ceph Storage 2024-08-04 4.4 Medium
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
CVE-2020-25677 2 Ceph, Redhat 3 Ceph-ansible, Ceph Storage, Openshift Container Storage 2024-08-04 5.5 Medium
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
CVE-2020-24577 1 Dlink 2 Dsl-2888a, Dsl-2888a Firmware 2024-08-04 7.5 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.
CVE-2020-23249 1 Gigamon 1 Gigavue-os 2024-08-04 4.7 Medium
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
CVE-2020-22783 1 Etherpad 1 Etherpad 2024-08-04 6.5 Medium
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
CVE-2020-22741 1 Baidu 1 Xuperchain 2024-08-04 7.5 High
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature.