CWE:
 

Topic
Date
Author
Med.
WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
28.05.2017
Kyle Lovett
Med.
Sophos Web Appliance 4.2.1.3 Privilege Escalation
05.11.2016
Matt Bergin
Med.
Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues
13.10.2015
Matthias Deeg
Med.
Netop Remote Control 11.52 / 12.11 Credential Issue
25.08.2015
Matthias Deeg
Low
PicsArt Photo Studio For Android Insecure Management
07.11.2014
Fundacion Dr. Manuel S...
High
Privoxy 3.0.20-1 Proxy Authentication Credential Exposure
12.03.2013
Chris John Riley


CVEMAP Search Results

CVE
Details
Description
2021-07-19
High
CVE-2021-35965

Vendor: Learningdigital
Software: Orca hcm
 

 

 
2021-07-14
Medium
CVE-2021-35527

Vendor: ABB
Software: Esoms
 

 
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.

 
2021-07-09
Medium
CVE-2021-30116

Vendor: Kaseya
Software: VSA
 

 
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.

 
2021-07-07
Medium
CVE-2021-20415

Vendor: IBM
Software: Guardium dat...
 

 
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.

 
2021-06-30
Medium
CVE-2021-22370

Vendor: Huawei
Software: EMUI
 

 
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

 
Medium
CVE-2021-22351

Vendor: Huawei
Software: EMUI
 

 
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table,causing system exceptions.

 
2021-06-25
Medium
CVE-2021-35050

Vendor: Fidelissecurity
Software: Deception
 

 
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.

 
2021-06-16
Medium
CVE-2021-34204

Updating...
 

 
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

 
Low
CVE-2021-31857

Vendor: Zohocorp
Software: Manageengine...
 

 
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.

 
2021-06-15
Medium
CVE-2021-28857

Updating...
 

 
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top