• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-522

CVE-2021-37400

February 23, 2023 by

An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.

CVE-2021-37401

February 23, 2023 by

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.

CVE-2021-37187

February 23, 2023 by

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users’ passwords.

CVE-2021-36783

February 23, 2023 by

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

CVE-2021-3681

February 23, 2023 by

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the “build_ignore“ list in “galaxy.yml” include files in the “.tar.gz“ file. This contains sensitive info, such as the user’s Ansible Galaxy API key and any secrets in “ansible“ or “ansible-playbook“ verbose output without the“no_log“ redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.

CVE-2021-36382

February 23, 2023 by

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 80
  • Go to page 81
  • Go to page 82
  • Go to page 83
  • Go to page 84
  • Interim pages omitted …
  • Go to page 117
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE