Total
1020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3344 | 1 Redhat | 2 Openshift Builder, Openshift Container Platform | 2021-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. | |||||
| CVE-2020-5315 | 1 Dell | 1 Emc Repository Manager | 2021-08-02 | 2.1 LOW | 8.8 HIGH |
| Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user. | |||||
| CVE-2021-20439 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2021-07-31 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | |||||
| CVE-2019-12452 | 1 Traefik | 1 Traefik | 2021-07-28 | 3.5 LOW | 7.5 HIGH |
| types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. These can be found in the JSON response to a /api request. | |||||
| CVE-2021-22780 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2021-07-26 | 3.6 LOW | 7.1 HIGH |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file. | |||||
| CVE-2021-22781 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2021-07-26 | 2.1 LOW | 5.5 MEDIUM |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. | |||||
| CVE-2021-22778 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2021-07-26 | 3.6 LOW | 7.1 HIGH |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. | |||||
| CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". | |||||
| CVE-2019-9104 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | |||||
| CVE-2019-19119 | 1 Paessler | 1 Prtg Network Monitor | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | |||||
| CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | |||||
| CVE-2019-16067 | 1 Netsas | 1 Enigma Network Management Solution | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | |||||
| CVE-2020-13344 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis | |||||
| CVE-2019-13023 | 1 Jetstream | 1 Jetselect | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | |||||
| CVE-2020-4095 | 1 Hcltech | 1 Bigfix Platform | 2021-07-21 | 2.1 LOW | 6.0 MEDIUM |
| "BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access." | |||||
| CVE-2020-29005 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | |||||
| CVE-2020-10554 | 1 Psyprax | 1 Psyprax | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM. | |||||
| CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | |||||
| CVE-2019-19898 | 1 Ixpdata | 1 Easyinstall | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. | |||||
| CVE-2019-19696 | 1 Trendmicro | 1 Password Manager | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. | |||||