CWE:
 

Topic
Date
Author
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


CVEMAP Search Results

CVE
Details
Description
2021-07-15
Low
CVE-2021-20510

 

 
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299

 
2021-07-08
Medium
CVE-2021-31816

Vendor: Octopus
Software: Server
 

 
When Octopus Server is configured with an external SQL database, the database password is written in plaintext to the OctopusServer.txt log file during initial configuration.

 
Medium
CVE-2021-31817

Vendor: Octopus
Software: Server
 

 
When Octopus Server is configured with an external SQL database, the database password is written in plaintext to the OctopusServer.txt log file during initial configuration.

 
2021-07-05
Low
CVE-2021-36158

Vendor: Alpinelinux
Software: Aports
 

 
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.

 
2021-06-29
Medium
CVE-2021-29481

Vendor: Ratpack project
Software: Ratpack
 

 
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation.

 
2021-06-24
Low
CVE-2021-29956

Vendor: Mozilla
Software: Thunderbird
 

 
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

 
Medium
CVE-2021-29954

Vendor: Mozilla
Software: Hubs cloud r...
 

 

 
Medium
CVE-2021-29950

Vendor: Mozilla
Software: Thunderbird
 

 
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.

 
2021-06-16
Low
CVE-2021-27487

Vendor: ZOLL
Software: Defibrillato...
 

 
ZOLL Defibrillator Dashboard versions prior to 2.2: the affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.

 
Low
CVE-2021-28979

Vendor: Thalesgroup
Software: Safenet keys...
 

 
SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked.

 

 


Copyright 2021, cxsecurity.com

 
