Total: 1029 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1794 | 2 Codesys, Microsoft | 2 Opc Da Server, Windows | 2024-02-04 | 4.7 MEDIUM | 5.5 MEDIUM |
The CODESYS OPC DA Server prior to V3.5.18.20 stores PLC passwords as plain text in its configuration file, so that they are visible to all authorized Microsoft Windows users of the system. | |||||
CVE-2021-39045 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-04 | N/A | 5.5 MEDIUM |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. | |||||
CVE-2022-36617 | 1 Haystacksoftware | 1 Arq Backup | 2024-02-04 | N/A | 4.9 MEDIUM |
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. | |||||
CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
HCL Launch stores user credentials in plain text, which can be read by a local user. | |||||
CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2024-02-04 | N/A | 6.5 MEDIUM |
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext password) occur in /cgi-bin/R14.2/cgi-bin/R14.2/host.pl on the edit configuration page. Exploitation requires an authenticated attacker. | |||||
CVE-2019-14840 | 1 Redhat | 1 Decision Manager | 2024-02-04 | N/A | 7.5 HIGH |
A flaw was found in RHDM, where sensitive HTML form fields such as Password have auto-complete enabled, which may lead to a leak of credentials. | |||||
CVE-2022-41575 | 1 Gradle | 1 Enterprise | 2024-02-04 | N/A | 7.5 HIGH |
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. | |||||
CVE-2022-3206 | 1 Passster Project | 1 Passster | 2024-02-04 | N/A | 5.9 MEDIUM |
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding, which is easy to decode. This puts the password at risk if the cookies are leaked. | |||||
CVE-2022-28291 | 1 Tenable | 1 Nessus | 2024-02-04 | N/A | 6.5 MEDIUM |
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. | |||||
CVE-2022-37109 | 1 Camp Project | 1 Camp | 2024-02-04 | N/A | 9.8 CRITICAL |
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie. | |||||
CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2024-02-04 | N/A | 5.0 MEDIUM |
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | |||||
CVE-2022-27217 | 1 Jenkins | 1 Vmware Vrealize Codestream | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-30587 | 1 Gradle | 1 Gradle Enterprise | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | |||||
CVE-2022-28774 | 1 Sap | 1 Host Agent | 2024-02-04 | 1.9 LOW | 5.5 MEDIUM |
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | |||||
CVE-2021-23222 | 1 Postgresql | 1 Postgresql | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | |||||
CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. | |||||
CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
CVE-2022-30231 | 1 Siemens | 1 Sicam Gridedge Essential | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash. | |||||
CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. |