Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35050 | 1 Fidelissecurity | 2 Deception, Network | 2022-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. | |||||
| CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2022-08-10 | N/A | 5.0 MEDIUM |
| HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | |||||
| CVE-2021-39342 | 1 Credova | 1 Financial | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | |||||
| CVE-2022-33169 | 1 Ibm | 1 Robotic Process Automation | 2022-08-05 | N/A | 6.5 MEDIUM |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. | |||||
| CVE-2021-28496 | 1 Arista | 1 Eos | 2022-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train | |||||
| CVE-2021-28499 | 1 Arista | 2 7130, Metamako Operating System | 2022-07-29 | 2.1 LOW | 5.5 MEDIUM |
| In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train | |||||
| CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2022-07-27 | N/A | 6.5 MEDIUM |
| BigFix Web Reports authorized users may see SMTP credentials in clear text. | |||||
| CVE-2022-1766 | 1 Anchore | 2 Anchore, Anchorectl | 2022-07-27 | N/A | 7.5 HIGH |
| Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue. | |||||
| CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 6 Ubuntu Linux, Leap, Requests and 3 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2022-22998 | 2 Linux, Westerndigital | 5 Linux Kernel, My Cloud Home, My Cloud Home Duo and 2 more | 2022-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| Implemented protections on AWS credentials that were not properly protected. | |||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2022-07-14 | 2.1 LOW | 5.5 MEDIUM |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2021-27941 | 1 Coolkit | 1 Ewelink | 2022-07-12 | 2.1 LOW | 4.6 MEDIUM |
| Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. | |||||
| CVE-2021-34075 | 1 Artica | 1 Pandora Fms | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | |||||
| CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | |||||
| CVE-2020-29321 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-46440 | 1 Strapi | 1 Strapi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | |||||
| CVE-2021-39046 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. | |||||
| CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2020-29323 | 1 Dlink | 2 Dir-885l-mfc, Dir-885l-mfc Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-39373 | 1 Samsung | 2 Drive Manager, H3 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. | |||||