Total
683 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36096 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.2 Medium |
| Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | ||||
| CVE-2021-35526 | 2 Hitachiabb-powergrids, Hitachienergy | 2 Sdm600 Firmware, Sdm600 | 2024-11-21 | 6.3 Medium |
| Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). | ||||
| CVE-2021-35036 | 1 Zyxel | 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more | 2024-11-21 | 6.5 Medium |
| A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. | ||||
| CVE-2021-35035 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2024-11-21 | 4.9 Medium |
| A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. | ||||
| CVE-2021-34544 | 1 Bkw | 2 Solar-log 500, Solar-log 500 Firmware | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base. | ||||
| CVE-2021-33716 | 1 Siemens | 4 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware, Simatic Cp 1545-1 and 1 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. | ||||
| CVE-2021-32942 | 1 Aveva | 2 Intouch 2017, Intouch 2020 | 2024-11-21 | 6.6 Medium |
| The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. | ||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2024-11-21 | 5.3 Medium |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | ||||
| CVE-2021-31855 | 1 Kde | 1 Messagelib | 2024-11-21 | 6.5 Medium |
| KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp. | ||||
| CVE-2021-31821 | 2 Microsoft, Octopus | 2 Windows, Tentacle | 2024-11-21 | 5.5 Medium |
| When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image | ||||
| CVE-2021-31820 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | ||||
| CVE-2021-31817 | 1 Octopus | 1 Server | 2024-11-21 | 7.5 High |
| When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | ||||
| CVE-2021-31816 | 1 Octopus | 1 Server | 2024-11-21 | 7.5 High |
| When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | ||||
| CVE-2021-31791 | 1 Sentrysoftware | 1 Hardware Sentry Km For Bmc Patrol | 2024-11-21 | 7.5 High |
| In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. | ||||
| CVE-2021-31581 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-11-21 | 7.9 High |
| The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | ||||
| CVE-2021-31539 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 5.5 Medium |
| Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords. | ||||
| CVE-2021-30997 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 7.5 High |
| A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail. | ||||
| CVE-2021-30183 | 1 Octopus | 1 Server | 2024-11-21 | 7.5 High |
| Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. | ||||
| CVE-2021-29956 | 2 Mozilla, Redhat | 3 Thunderbird, Enterprise Linux, Rhel Eus | 2024-11-21 | 4.3 Medium |
| OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. | ||||
| CVE-2021-29954 | 1 Mozilla | 1 Hubs Cloud Reticulum | 2024-11-21 | 9.8 Critical |
| Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. | ||||