Total
577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5537 | 1 Siemens | 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System | 2022-02-01 | 4.3 MEDIUM | N/A |
| The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | |||||
| CVE-2022-22789 | 1 Charactell | 1 Formstorm | 2022-02-01 | 4.6 MEDIUM | 7.8 HIGH |
| Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file. | |||||
| CVE-2022-23129 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2022-01-27 | 2.1 LOW | 5.5 MEDIUM |
| Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information. | |||||
| CVE-2021-31821 | 2 Microsoft, Octopus | 2 Windows, Tentacle | 2022-01-26 | 2.1 LOW | 5.5 MEDIUM |
| When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image | |||||
| CVE-2021-42066 | 1 Sap | 1 Business One | 2022-01-21 | 3.5 LOW | 4.4 MEDIUM |
| SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application. | |||||
| CVE-2021-20827 | 1 Idec | 7 Data File Manager, Microsmart Fc6a, Microsmart Fc6a Firmware and 4 more | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted. | |||||
| CVE-2021-20171 | 1 Netgear | 2 Rax43, Rax43 Firmware | 2022-01-11 | 2.1 LOW | 5.5 MEDIUM |
| Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. | |||||
| CVE-2021-20162 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext. | |||||
| CVE-2021-35035 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2022-01-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. | |||||
| CVE-2020-6794 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2022-01-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2019-18238 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account. | |||||
| CVE-2020-3935 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2021-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers. | |||||
| CVE-2020-10273 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2021-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data. | |||||
| CVE-2020-10267 | 1 Universal-robots | 4 Ur10, Ur3, Ur5 and 1 more | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property. | |||||
| CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2021-12-16 | 4.3 MEDIUM | 7.5 HIGH |
| Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | |||||
| CVE-2020-13783 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | |||||
| CVE-2020-7516 | 1 Schneider-electric | 1 Easergy Builder | 2021-12-10 | 2.1 LOW | 7.8 HIGH |
| A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | |||||
| CVE-2021-31539 | 1 Wowza | 1 Streaming Engine | 2021-12-08 | 2.1 LOW | 5.5 MEDIUM |
| Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords. | |||||
| CVE-2021-38949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-11-17 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. | |||||
| CVE-2021-37157 | 1 Opengamepanel | 1 Opengamepanel | 2021-11-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext. | |||||