Total
570 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11924 | 1 Wizconnected | 2 Colors A60, Colors A60 Firmware | 2024-08-04 | 5.5 Medium |
| An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. | ||||
| CVE-2020-11923 | 1 Wizconnected | 1 Wiz | 2024-08-04 | 5.5 Medium |
| An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. | ||||
| CVE-2020-11826 | 1 Appinghouse | 1 Memono | 2024-08-04 | 7.5 High |
| Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database. | ||||
| CVE-2020-11694 | 2 Jetbrains, Microsoft | 2 Pycharm, Windows | 2024-08-04 | 7.5 High |
| In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. | ||||
| CVE-2020-11415 | 1 Sonatype | 1 Nexus Repository Manager | 2024-08-04 | 4.9 Medium |
| An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext. | ||||
| CVE-2020-10727 | 3 Apache, Netapp, Redhat | 3 Activemq Artemis, Oncommand Workflow Automation, Amq Broker | 2024-08-04 | 5.5 Medium |
| A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file. | ||||
| CVE-2020-10706 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-08-04 | 6.3 Medium |
| A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. | ||||
| CVE-2020-10532 | 1 Watchguard | 1 Ad Helper Firmware | 2024-08-04 | 7.5 High |
| The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. | ||||
| CVE-2020-10053 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-08-04 | 5.5 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. | ||||
| CVE-2020-9462 | 1 Homey | 4 Homey, Homey Firmware, Homey Pro and 1 more | 2024-08-04 | 4.3 Medium |
| An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. | ||||
| CVE-2020-9407 | 1 Iblsoft | 1 Online Weather | 2024-08-04 | 5.3 Medium |
| IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | ||||
| CVE-2020-9045 | 2 Johnsoncontrols, Tyco | 2 C-cure 9000 Firmware, Victor Video Management System | 2024-08-04 | 9.9 Critical |
| During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | ||||
| CVE-2020-8276 | 1 Brave | 1 Brave | 2024-08-04 | 5.5 Medium |
| The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window. | ||||
| CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2024-08-04 | 7.5 High |
| A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | ||||
| CVE-2020-7517 | 1 Schneider-electric | 1 Easergy Builder | 2024-08-04 | 5.5 Medium |
| A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. | ||||
| CVE-2020-7513 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-08-04 | 7.5 High |
| A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | ||||
| CVE-2020-7516 | 1 Schneider-electric | 1 Easergy Builder | 2024-08-04 | 7.8 High |
| A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | ||||
| CVE-2020-7213 | 1 Parallels | 1 Parallels | 2024-08-04 | 7.5 High |
| Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site. | ||||
| CVE-2020-6980 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-08-04 | 3.3 Low |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. | ||||
| CVE-2020-6794 | 3 Canonical, Mozilla, Redhat | 4 Ubuntu Linux, Thunderbird, Enterprise Linux and 1 more | 2024-08-04 | 6.5 Medium |
| If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | ||||