Total
577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27140 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. | |||||
| CVE-2021-27178 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. | |||||
| CVE-2021-27174 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27175 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27176 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-26550 | 1 Smartfoxserver | 1 Smartfoxserver | 2021-02-11 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml. | |||||
| CVE-2021-22300 | 1 Huawei | 2 Ecns280 Td, Ecns280 Td Firmware | 2021-02-10 | 1.9 LOW | 4.1 MEDIUM |
| There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. | |||||
| CVE-2021-20358 | 1 Ibm | 1 Cloud Pak For Automation | 2021-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965. | |||||
| CVE-2020-29001 | 1 Merkuryinnovations | 8 Geeni Gnc-cw025, Geeni Gnc-cw025 Firmware, Geeni Gnc-cw028 and 5 more | 2021-02-03 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application. | |||||
| CVE-2020-4189 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850. | |||||
| CVE-2020-4604 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. | |||||
| CVE-2020-5805 | 1 Marvell | 1 Qconvergeconslole Gui | 2021-01-14 | 9.0 HIGH | 8.8 HIGH |
| In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC. | |||||
| CVE-2020-5018 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. | |||||
| CVE-2020-29489 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2021-01-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2020-29501 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2021-01-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2020-29502 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2021-01-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2020-29500 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2021-01-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2020-23249 | 1 Gigamon | 1 Gigavue-os | 2021-01-08 | 4.0 MEDIUM | 4.7 MEDIUM |
| GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. | |||||
| CVE-2018-19941 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later) | |||||
| CVE-2020-26288 | 1 Parseplatform | 1 Parse-server | 2021-01-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage. | |||||