Vulnerabilities (CVE)

Filtered by CWE-312
Total 576 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24660 1 Goldshell 1 Goldshell Miner Firmware 2024-11-21 N/A 7.5 HIGH
The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.
CVE-2022-24410 1 Dell 310 Alienware 13 R2, Alienware 13 R2 Firmware, Alienware 13 R3 and 307 more 2024-11-21 N/A 6.8 MEDIUM
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.
CVE-2022-24188 1 Sz-fujia 1 Ourphoto 2024-11-21 N/A 7.5 HIGH
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality.
CVE-2022-24120 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2024-11-21 N/A 4.6 MEDIUM
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
CVE-2022-23236 1 Netapp 1 E-series Santricity Os Controller 2024-11-21 2.1 LOW 4.4 MEDIUM
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.
CVE-2022-23234 1 Netapp 1 Snapcenter 2024-11-21 2.1 LOW 5.5 MEDIUM
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.
CVE-2022-23129 2 Iconics, Mitsubishielectric 2 Genesis64, Mc Works64 2024-11-21 2.1 LOW 5.5 MEDIUM
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information.
CVE-2022-22789 1 Charactell 1 Formstorm 2024-11-21 4.6 MEDIUM 6.1 MEDIUM
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
CVE-2022-22484 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Protect, Linux Kernel and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
CVE-2022-22478 6 Apple, Hp, Ibm and 3 more 7 Macos, Hp-ux, Aix and 4 more 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.
CVE-2022-22470 1 Ibm 1 Security Verify Governance 2024-11-21 N/A 4.1 MEDIUM
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.
CVE-2022-22457 2 Ibm, Linux 2 Security Verify Governance, Linux Kernel 2024-11-21 N/A 5.3 MEDIUM
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.
CVE-2022-22367 1 Ibm 1 Urbancode Deploy 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
CVE-2022-22366 1 Ibm 1 Urbancode Deploy 2024-11-21 2.1 LOW 4.4 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.
CVE-2022-22302 1 Fortinet 2 Fortiauthenticator, Fortios 2024-11-21 N/A 5.3 MEDIUM
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.
CVE-2022-22069 1 Qualcomm 174 Aqt1000, Aqt1000 Firmware, Qca6390 and 171 more 2024-11-21 N/A 7.7 HIGH
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-22031 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2024-11-21 7.2 HIGH 7.8 HIGH
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
CVE-2022-21818 1 Nvidia 1 License System 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity.
CVE-2022-20660 1 Cisco 40 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 37 more 2024-11-21 2.1 LOW 4.6 MEDIUM
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
CVE-2022-20219 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613