CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| High | SmartFoxServer 2X 2.17.0 Credential Disclosure | 08.02.2021 | LiquidWorm |
| Med. | URVE Software Build 24.03.2020 Information Disclosure | 30.12.2020 | Erik Steltzner |
| High | Brickcom 100ap Series Authentication Bypass / CSRF | 13.06.2013 | Eliezer Varade Lopez |


CVEMAP Search Results

CVE
Details
Description
2021-05-06
Low
CVE-2021-22206

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, which allows other maintainers to view the credentials in plain text,

 
2021-04-28
Low
CVE-2020-22783

Vendor: Etherpad
Software: Etherpad
 

 
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.

 
2021-04-23
Low
CVE-2021-31539

Vendor: Wowza
Software: Streaming engine
 

 
Wowza Streaming Engine through 4.8.5 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.

 
2021-04-06
Low
CVE-2021-26833

Vendor: Timelybills
Software: Timelybills
 

 
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read the user's files to obtain JWT tokens for the user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens, as a JWT is signed and encoded, not encrypted.

 
2021-04-02
Low
CVE-2020-11924

 

 
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.

 
Low
CVE-2020-11923

Vendor: Wizconnected
Software: WIZ
 

 
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.

 
2021-03-30
Low
CVE-2020-4944

Vendor: IBM
Software: Urbancode deploy
 

 
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.

 
Low
CVE-2021-26579

Vendor: HPE
Software: Unified data...
 

 
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.

 
Low
CVE-2020-4884

Vendor: IBM
Software: Urbancode deploy
 

 
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 190908.

 
2021-03-29
Medium
CVE-2021-28937

 

 
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted over HTTP.

 

 


Copyright 2021, cxsecurity.com

 
