Total
1020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29321 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-27935 | 1 Adguard | 1 Adguard Home | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. | |||||
| CVE-2021-39046 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. | |||||
| CVE-2021-34075 | 1 Artica | 1 Pandora Fms | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | |||||
| CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-36382 | 1 Devolutions | 1 Devolutions Server | 2022-07-12 | 4.3 MEDIUM | 3.7 LOW |
| Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | |||||
| CVE-2021-20410 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2022-07-12 | 3.5 LOW | 5.3 MEDIUM |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190. | |||||
| CVE-2021-46440 | 1 Strapi | 1 Strapi | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | |||||
| CVE-2022-31887 | 1 Marvalglobal | 1 Marval Msm | 2022-07-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password. | |||||
| CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2022-07-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | |||||
| CVE-2022-33953 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2022-07-05 | 2.1 LOW | 4.6 MEDIUM |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. | |||||
| CVE-2022-2103 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | |||||
| CVE-2022-1666 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. | |||||
| CVE-2021-32003 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2022-07-02 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. | |||||
| CVE-2022-21184 | 1 Atvise | 1 Atvise | 2022-06-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2020-28865 | 1 Powerjob | 1 Powerjob | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | |||||
| CVE-2020-15942 | 1 Fortinet | 1 Fortiweb | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. | |||||
| CVE-2021-29043 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-06-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing. | |||||
| CVE-2022-31044 | 1 Pagerduty | 1 Rundeck | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. | |||||
| CVE-2022-1342 | 1 Devolutions | 1 Remote Desktop Manager | 2022-06-24 | 2.1 LOW | 4.6 MEDIUM |
| A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | |||||