An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis
CWE-522
CVE-2020-12333
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12309
Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2020-12316
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access.
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
CVE-2020-12061
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller.