CWE:
 

High
Topic: Brickcom 100ap Series Authentication Bypass / CSRF
Date: 13.06.2013
Author: Eliezer Varade Lopez


CVEMAP Search Results

CVE
Details
Description
2020-08-11
Medium
CVE-2020-17495

Vendor: Django-celery-results project
Software: Django-celer...
 

 
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.

 
2020-07-23
Low
CVE-2020-7517

Vendor: Schneider-electric
Software: Easergy builder
 

 
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.

 
Low
CVE-2020-7516

Vendor: Schneider-electric
Software: Easergy builder
 

 
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to login credentials.

 
2020-07-22
Low
CVE-2020-4369

Vendor: IBM
Software: Verify gateway
 

 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.

 
2020-07-01
Low
CVE-2019-4676

Vendor: IBM
Software: Security ide...
 

 
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171512.

 
2020-06-30
Waiting for details
CVE-2020-15085

 

 
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. Versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.

 
2020-06-24
Medium
CVE-2020-14017

Vendor: Naviwebs
Software: Navigate cms
 

 
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.

 
2020-06-17
Medium
CVE-2020-13637

Vendor: Heinekingmedia
Software: Stashcat
 

 
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to log in to the system from any other computer, and get unlimited access to all data in the user's context.

 
2020-06-16
Medium
CVE-2019-17655

Vendor: Fortinet
Software: Fortios
 

 
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.

 
Medium
CVE-2020-7513

 

 
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.

 

 


Copyright 2020, cxsecurity.com

 
