CWE:
 

Topic
Date
Author
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


CVEMAP Search Results

CVE
Details
Description
2021-10-13
Low
CVE-2021-40454

Vendor: Microsoft
Software: 365 apps
 

 
Rich Text Edit Control Information Disclosure Vulnerability

 
2021-10-12
Low
CVE-2021-38915

Vendor: IBM
Software: Data risk ma...
 

 
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.

 
2021-09-23
Low
CVE-2021-29904

Updating...
 

 
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.

 
2021-09-14
Waiting for details
CVE-2021-33716

Updating...
 

 
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

 
2021-09-08
Low
CVE-2021-1865

Vendor: Apple
Software: Ipados
 

 
An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

 
Medium
CVE-2020-19137

Vendor: Autumn project
Software: Autumn
 

 
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

 
2021-09-06
Low
CVE-2021-36096

Vendor: OTRS
Software: OTRS
 

 
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.

 
2021-08-25
Low
CVE-2021-31989

Vendor: AXIS
Software: Device manager
 

 
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.

 
2021-08-18
Medium
CVE-2021-31820

Updating...
 

 
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.

 
2021-08-06
Medium
CVE-2021-37548

Vendor: Jetbrains
Software: Teamcity
 

 
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top