CWE:
 

Tytuł
Data
Autor
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-09-14
Waiting for details
CVE-2021-33716

Updating...
 

 
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

 
2021-09-08
Medium
CVE-2020-19137

Vendor: Autumn project
Software: Autumn
 

 
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

 
Low
CVE-2021-1865

Vendor: Apple
Software: Ipados
 

 
An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

 
2021-09-06
Low
CVE-2021-36096

Vendor: OTRS
Software: OTRS
 

 
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.

 
2021-08-25
Low
CVE-2021-31989

Vendor: AXIS
Software: Device manager
 

 
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.

 
2021-08-18
Medium
CVE-2021-31820

Updating...
 

 
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.

 
2021-08-06
Medium
CVE-2021-37548

Vendor: Jetbrains
Software: Teamcity
 

 
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

 
2021-08-03
Medium
CVE-2021-33323

Vendor: Liferay
Software: DXP
 

 
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.

 
Low
CVE-2021-33325

Vendor: Liferay
Software: DXP
 

 
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.

 
2021-07-15
Low
CVE-2021-20510

Updating...
 

 
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299

 

 


Copyright 2021, cxsecurity.com

 

Back to Top