Total
628 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27178 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. | |||||
| CVE-2021-27176 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27175 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27174 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions. | |||||
| CVE-2021-27140 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. | |||||
| CVE-2021-26595 | 1 Rangerstudio | 1 Directus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-26550 | 1 Smartfoxserver | 1 Smartfoxserver | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml. | |||||
| CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. | |||||
| CVE-2021-25692 | 1 Teradici | 1 Pcoip Connection Manager And Security Gateway | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. | |||||
| CVE-2021-25645 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past. | |||||
| CVE-2021-25644 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators. | |||||
| CVE-2021-25502 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 7.9 HIGH |
| A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. | |||||
| CVE-2021-23878 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
| Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine | |||||
| CVE-2021-23827 | 4 Apple, Keybase, Microsoft and 1 more | 4 Macos, Keybase, Windows and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker. | |||||
| CVE-2021-23211 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
| Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3). | |||||
| CVE-2021-23182 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
| Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. | |||||
| CVE-2021-22300 | 1 Huawei | 2 Ecns280 Td, Ecns280 Td Firmware | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. | |||||
| CVE-2021-22206 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, | |||||
| CVE-2021-22194 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM |
| In all versions of GitLab, marshalled session keys were being stored in Redis. | |||||
| CVE-2021-21734 | 1 Zte | 16 Zxa10 F809, Zxa10 F809 Firmware, Zxa10 F819 and 13 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01 | |||||