Total
580 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-33159 | 1 Ibm | 1 Security Directory Suite Va | 2024-11-21 | N/A | 5.3 MEDIUM |
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. | |||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | N/A | 5.5 MEDIUM |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | |||||
CVE-2022-31405 | 1 Mv Idigital Clinic Enterprise Project | 1 Mv Idigital Clinic Enterprise | 2024-11-21 | N/A | 6.5 MEDIUM |
MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | |||||
CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||
CVE-2022-31004 | 1 Mitre | 1 Cve-services | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. | |||||
CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | N/A | 6.3 MEDIUM |
Browsing to the path http://ip/wifi_ap_pata_get.cmd shows the name of the existing access point on the component and a password in clear text. | |||||
CVE-2022-30275 | 1 Motorolasolutions | 1 Mdlc | 2024-11-21 | N/A | 7.5 HIGH |
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. | |||||
CVE-2022-2813 | 1 Guest Management System Project | 1 Guest Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400. | |||||
CVE-2022-2805 | 1 Redhat | 1 Virtualization | 2024-11-21 | N/A | 6.5 MEDIUM |
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. | |||||
CVE-2022-2739 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux Server, Enterprise Linux Workstation | 2024-11-21 | N/A | 5.3 MEDIUM |
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | |||||
CVE-2022-2569 | 1 Arcinformatique | 1 Pcvue | 2024-11-21 | N/A | 5.5 MEDIUM |
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users. | |||||
CVE-2022-2513 | 1 Hitachienergy | 6 650connectivitypackage, 670connectivitypackage, Gms600connectivitypackage and 3 more | 2024-11-21 | N/A | 7.1 HIGH |
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IED credentials are stored in a cleartext format in the PCM600 database and log files. An attacker who gains access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, rebooting the IEDs, or causing a denial-of-service on the IEDs. | |||||
CVE-2022-29868 | 1 1password | 1 1password | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password. | |||||
CVE-2022-29832 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-11-21 | N/A | 3.7 LOW |
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting. | |||||
CVE-2022-29826 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-11-21 | N/A | 6.8 MEDIUM |
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. | |||||
CVE-2022-29620 | 1 Filezilla-project | 1 Filezilla Client | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability. | |||||
CVE-2022-29090 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 8.5 HIGH |
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions. | |||||
CVE-2022-28214 | 1 Sap | 2 Businessobjects, Businessobjects Business Intelligence | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. | |||||
CVE-2022-28162 | 1 Broadcom | 1 Sannav | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. | |||||
CVE-2022-27549 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
HCL Launch may store certain data for recurring activities in a plain text format. |