Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez
CVEMAP Search Results
CVE
Details
Description
2021-07-15
Low
CVE-2021-20510
Updating...
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299
2021-07-08
Medium
CVE-2021-31816
Vendor:
Octopus
Software:
Server
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Medium
CVE-2021-31817
Vendor:
Octopus
Software:
Server
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
2021-07-05
Low
CVE-2021-36158
Vendor:
Alpinelinux
Software:
Aports
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
2021-06-29
Medium
CVE-2021-29481
Vendor:
Ratpack project
Software:
Ratpack
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation.
2021-06-24
Low
CVE-2021-29956
Vendor:
Mozilla
Software:
Thunderbird
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.
Medium
CVE-2021-29954
Vendor:
Mozilla
Software:
Hubs cloud r...
Medium
CVE-2021-29950
Vendor:
Mozilla
Software:
Thunderbird
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.
2021-06-16
Low
CVE-2021-27487
Vendor:
ZOLL
Software:
Defibrillato...
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
Low
CVE-2021-28979
Vendor:
Thalesgroup
Software:
Safenet keys...
SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked.
Copyright
2021
, cxsecurity.com
Back to Top
