Total
541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26228 | 1 Typo3 | 1 Typo3 | 2020-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. | |||||
| CVE-2020-26551 | 1 Aviatrix | 1 Controller | 2020-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | |||||
| CVE-2020-8276 | 1 Brave | 1 Brave | 2020-11-18 | 2.1 LOW | 5.5 MEDIUM |
| The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window. | |||||
| CVE-2020-27613 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-10-29 | 4.6 MEDIUM | 8.4 HIGH |
| The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | |||||
| CVE-2019-3937 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data. | |||||
| CVE-2019-3753 | 1 Dell | 12 Emc Powerconnect 7000, Emc Powerconnect 7000 Firmware, Emc Powerconnect 8024 and 9 more | 2020-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks. | |||||
| CVE-2019-3767 | 1 Dell | 1 Imageassist | 2020-10-16 | 1.9 LOW | 8.2 HIGH |
| Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. | |||||
| CVE-2019-1627 | 1 Cisco | 2 Integrated Management Controller, Unified Computing System | 2020-10-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges. | |||||
| CVE-2019-6549 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2020-10-05 | 4.0 MEDIUM | 7.2 HIGH |
| An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. | |||||
| CVE-2020-4619 | 1 Ibm | 1 Data Risk Manager | 2020-09-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976. | |||||
| CVE-2018-18984 | 1 Medtronic | 6 29901 Encore Programmer, 29901 Encore Programmer Firmware, Carelink 2090 Programmer and 3 more | 2020-09-18 | 2.1 LOW | 4.6 MEDIUM |
| Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI. | |||||
| CVE-2018-19009 | 1 Pilz | 1 Pnozmulti Configurator | 2020-09-18 | 2.1 LOW | 7.8 HIGH |
| Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. | |||||
| CVE-2020-15784 | 1 Siemens | 1 Spectrum Power 4 | 2020-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. | |||||
| CVE-2020-15484 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2020-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. | |||||
| CVE-2019-11384 | 1 Zalora | 1 Zalora | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml. | |||||
| CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | |||||
| CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 4.3 MEDIUM | 8.1 HIGH |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
| CVE-2019-0285 | 1 Sap | 1 Crystal Reports | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | |||||
| CVE-2019-11966 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2018-12572 | 1 Avast | 1 Free Antivirus | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | |||||