Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7517 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. | |||||
| CVE-2020-7516 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | |||||
| CVE-2020-7513 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | |||||
| CVE-2020-7213 | 1 Parallels | 1 Parallels | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site. | |||||
| CVE-2020-6980 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. | |||||
| CVE-2020-6794 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2020-6648 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
| A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. | |||||
| CVE-2020-5899 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code. | |||||
| CVE-2020-5805 | 1 Marvell | 1 Qconvergeconslole Gui | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC. | |||||
| CVE-2020-5723 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. | |||||
| CVE-2020-5018 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. | |||||
| CVE-2020-4980 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539. | |||||
| CVE-2020-4944 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. | |||||
| CVE-2020-4884 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908. | |||||
| CVE-2020-4843 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048. | |||||
| CVE-2020-4619 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976. | |||||
| CVE-2020-4604 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. | |||||
| CVE-2020-4369 | 1 Ibm | 1 Verify Gateway | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. | |||||
| CVE-2020-4224 | 1 Ibm | 1 Storediq | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | |||||
| CVE-2020-4189 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850. | |||||