Total
511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-02-04 | N/A | 7.5 HIGH |
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||
CVE-2022-33918 | 1 Dell | 1 Geodrive | 2024-02-04 | N/A | 5.5 MEDIUM |
Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | |||||
CVE-2021-36782 | 1 Suse | 1 Rancher | 2024-02-04 | N/A | 9.9 CRITICAL |
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve a plaintext version of sensitive data. This issue affects SUSE Rancher versions prior to 2.5.16 and Rancher versions prior to 2.6.7. | |||||
CVE-2022-34339 | 1 Ibm | 1 Cognos Analytics | 2024-02-04 | N/A | 6.5 MEDIUM |
"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963." | |||||
CVE-2022-2805 | 1 Redhat | 1 Virtualization | 2024-02-04 | N/A | 6.5 MEDIUM |
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. | |||||
CVE-2021-3585 | 1 Openstack | 1 Tripleo Heat Templates | 2024-02-04 | N/A | 5.5 MEDIUM |
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | |||||
CVE-2022-42956 | 1 Passwork | 1 Passwork | 2024-02-04 | N/A | 7.5 HIGH |
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. | |||||
CVE-2022-3540 | 1 Hunter2 Project | 1 Hunter2 | 2024-02-04 | N/A | 6.5 MEDIUM |
An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users' email addresses. | |||||
CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2024-02-04 | N/A | 8.8 HIGH |
Dell Wyse Management Suite 3.6.1 and below contains a Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2022-2813 | 1 Guest Management System Project | 1 Guest Management System | 2024-02-04 | N/A | 7.5 HIGH |
A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400. | |||||
CVE-2022-39364 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2024-02-04 | N/A | 6.5 MEDIUM |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. | |||||
CVE-2022-43958 | 1 Siemens | 1 Qms Automotive | 2024-02-04 | N/A | 7.6 HIGH |
A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users. | |||||
CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2024-02-04 | N/A | 7.5 HIGH |
Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | |||||
CVE-2022-42955 | 1 Passwork | 1 Passwork | 2024-02-04 | N/A | 7.5 HIGH |
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. | |||||
CVE-2022-35279 | 1 Ibm | 1 Business Automation Workflow | 2024-02-04 | N/A | 4.3 MEDIUM |
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." | |||||
CVE-2022-20219 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-224585613 | |||||
CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-02-04 | N/A | 7.5 HIGH |
Browsing the path http://ip/wifi_ap_pata_get.cmd will show the name of the existing access point on the component, and a password in clear text. | |||||
CVE-2022-2569 | 1 Arcinformatique | 1 Pcvue | 2024-02-04 | N/A | 5.5 MEDIUM |
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users. | |||||
CVE-2022-24660 | 1 Goldshell | 1 Goldshell Miner Firmware | 2024-02-04 | N/A | 7.5 HIGH |
The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext. | |||||
CVE-2020-15325 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-04 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. |