• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-522

CVE-2021-46440

February 23, 2023 by

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request, get the victim’s cookie, perform a base64 decode on the victim’s cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.

CVE-2021-45892

February 23, 2023 by

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.

CVE-2021-44451

February 23, 2023 by

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.

CVE-2021-43978

February 23, 2023 by

Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.

CVE-2021-43327

February 23, 2023 by

An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.

CVE-2021-43332

February 23, 2023 by

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 76
  • Go to page 77
  • Go to page 78
  • Go to page 79
  • Go to page 80
  • Interim pages omitted …
  • Go to page 117
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE