Total
1109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21634 | 1 Jenkins | 1 Jabber \(xmpp\) Notifier And Control | 2024-11-21 | 6.5 Medium |
| Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2021-21614 | 1 Jenkins | 1 Bumblebee Hp Alm | 2024-11-21 | 5.5 Medium |
| Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2021-21612 | 1 Jenkins | 1 Tracetronic Ecu-test | 2024-11-21 | 5.5 Medium |
| Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2021-21591 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2024-11-21 | 6.4 Medium |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | ||||
| CVE-2021-21590 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2024-11-21 | 6.4 Medium |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | ||||
| CVE-2021-20997 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-11-21 | 7.5 High |
| In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | ||||
| CVE-2021-20826 | 1 Idec | 7 Data File Manager, Microsmart Fc6a, Microsmart Fc6a Firmware and 4 more | 2024-11-21 | 7.6 High |
| Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted. | ||||
| CVE-2021-20597 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-11-21 | 9.1 Critical |
| Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. | ||||
| CVE-2021-20445 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 6.5 Medium |
| IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621. | ||||
| CVE-2021-20439 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 7.5 High |
| IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | ||||
| CVE-2021-20434 | 1 Ibm | 1 Security Verify Bridge | 2024-11-21 | 4.4 Medium |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346. | ||||
| CVE-2021-20410 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190. | ||||
| CVE-2021-20389 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 7.8 High |
| IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770. | ||||
| CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2024-11-21 | 7.8 High |
| A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20228 | 2 Debian, Redhat | 6 Debian Linux, Ansible Automation Platform, Ansible Engine and 3 more | 2024-11-21 | 7.5 High |
| A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-20164 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 4.9 Medium |
| Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. | ||||
| CVE-2021-20163 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 4.9 Medium |
| Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. | ||||
| CVE-2021-20146 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 9.8 Critical |
| An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services. | ||||
| CVE-2021-1731 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 5.5 Medium |
| PFX Encryption Security Feature Bypass Vulnerability | ||||
| CVE-2021-1589 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 6.5 Medium |
| A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. | ||||