Filtered by CWE-312
Total 570 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40454 1 Microsoft 22 365 Apps, Office, Office Long Term Servicing Channel and 19 more 2024-08-04 5.5 Medium
Rich Text Edit Control Information Disclosure Vulnerability
CVE-2021-40363 1 Siemens 2 Simatic Pcs 7, Simatic Wincc 2024-08-04 7.8 High
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system.
CVE-2021-40087 1 Primekey 1 Ejbca 2024-08-04 2.7 Low
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.
CVE-2021-39077 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-08-04 4.4 Medium
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.
CVE-2021-38150 1 Sap 1 Business Client 2024-08-04 6.5 Medium
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions 7.0 and 7.70 will allow the attacker to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
CVE-2021-37842 1 Couchbase 1 Couchbase Server 2024-08-04 7.5 High
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
CVE-2021-37548 1 Jetbrains 1 Teamcity 2024-08-04 7.5 High
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
CVE-2021-37468 1 Nch 1 Reflect Customer Relationship Management 2024-08-04 3.3 Low
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
CVE-2021-37452 1 Nch 1 Quorum 2024-08-04 5.5 Medium
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
CVE-2021-37157 1 Opengamepanel 1 Opengamepanel 2024-08-04 8.8 High
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.
CVE-2021-36158 1 Alpinelinux 1 Aports 2024-08-04 5.9 Medium
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
CVE-2021-36165 1 Riconmobile 2 S9922l, S9922l Firmware 2024-08-04 5.3 Medium
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVE-2021-35035 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2024-08-04 4.9 Medium
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-35036 1 Zyxel 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more 2024-08-04 6.5 Medium
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-34544 1 Bkw 2 Solar-log 500, Solar-log 500 Firmware 2024-08-04 6.5 Medium
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.
CVE-2021-33716 1 Siemens 4 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware, Simatic Cp 1545-1 and 1 more 2024-08-03 6.5 Medium
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.
CVE-2021-33325 1 Liferay 2 Dxp, Liferay Portal 2024-08-03 4.9 Medium
In the Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, users' cleartext passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.
CVE-2021-33323 1 Liferay 2 Dxp, Liferay Portal 2024-08-03 7.5 High
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
CVE-2021-31989 1 Axis 1 Device Manager 2024-08-03 5.3 Medium
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
CVE-2021-31855 1 Kde 1 Messagelib 2024-08-03 6.5 Medium
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.