Total
605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22789 | 1 Charactell | 1 Formstorm | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
| Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file. | |||||
| CVE-2022-22484 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322. | |||||
| CVE-2022-22478 | 6 Apple, Hp, Ibm and 3 more | 7 Macos, Hp-ux, Aix and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. | |||||
| CVE-2022-22470 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 4.1 MEDIUM |
| IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232. | |||||
| CVE-2022-22367 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. | |||||
| CVE-2022-22366 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. | |||||
| CVE-2022-22302 | 1 Fortinet | 2 Fortiauthenticator, Fortios | 2024-11-21 | N/A | 5.3 MEDIUM |
| A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. | |||||
| CVE-2022-22069 | 1 Qualcomm | 174 Aqt1000, Aqt1000 Firmware, Qca6390 and 171 more | 2024-11-21 | N/A | 7.7 HIGH |
| Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-22031 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | |||||
| CVE-2022-21818 | 1 Nvidia | 1 License System | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity. | |||||
| CVE-2022-20660 | 1 Cisco | 40 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 37 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks. | |||||
| CVE-2022-20219 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613 | |||||
| CVE-2022-0835 | 1 Aveva | 1 System Platform | 2024-11-21 | 1.9 LOW | 8.1 HIGH |
| AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. | |||||
| CVE-2021-45491 | 1 3cx | 1 3cx | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| 3CX System through 2022-03-17 stores cleartext passwords in a database. | |||||
| CVE-2021-45077 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. | |||||
| CVE-2021-45025 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. | |||||
| CVE-2021-43590 | 1 Dell | 1 Enterprise Storage Analytics | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
| Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | |||||
| CVE-2021-42763 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. | |||||
| CVE-2021-42642 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer. | |||||