Total: 574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23776 | 1 Fortinet | 1 Fortianalyzer | 2024-02-28 | N/A | 3.1 LOW |
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer | |||||
CVE-2023-24442 | 1 Jenkins | 1 Github Pull Request Coverage Status | 2024-02-28 | N/A | 5.5 MEDIUM |
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-24188 | 1 Sz-fujia | 1 Ourphoto | 2024-02-28 | N/A | 7.5 HIGH |
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of session management and the presence of insecure direct object references allow password information for other end users' devices to be returned. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality. | |||||
CVE-2022-37785 | 1 Wecube-platform Project | 1 Wecube-platform | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. | |||||
CVE-2022-31405 | 1 Mv Idigital Clinic Enterprise Project | 1 Mv Idigital Clinic Enterprise | 2024-02-28 | N/A | 6.5 MEDIUM |
MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | |||||
CVE-2022-41740 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-02-28 | N/A | 4.6 MEDIUM |
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. | |||||
CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-02-28 | N/A | 7.5 HIGH |
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||
CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | N/A | 8.8 HIGH |
Dell Wyse Management Suite 3.6.1 and below contains a Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2021-36782 | 1 Suse | 1 Rancher | 2024-02-28 | N/A | 9.9 CRITICAL |
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve a plaintext version of sensitive data. This issue affects: SUSE Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. | |||||
CVE-2022-35279 | 1 Ibm | 1 Business Automation Workflow | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537. | |||||
CVE-2022-33918 | 1 Dell | 1 Geodrive | 2024-02-28 | N/A | 5.5 MEDIUM |
Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | |||||
CVE-2022-2813 | 1 Guest Management System Project | 1 Guest Management System | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400. | |||||
CVE-2022-22366 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. | |||||
CVE-2022-30275 | 1 Motorolasolutions | 1 Mdlc | 2024-02-28 | N/A | 7.5 HIGH |
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. | |||||
CVE-2022-29090 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | N/A | 6.5 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions. | |||||
CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2024-02-28 | N/A | 7.5 HIGH |
Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | |||||
CVE-2022-34339 | 1 Ibm | 1 Cognos Analytics | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963. | |||||
CVE-2020-15332 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 9.8 CRITICAL |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | |||||
CVE-2021-3585 | 1 Openstack | 1 Tripleo Heat Templates | 2024-02-28 | N/A | 5.5 MEDIUM |
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | |||||
CVE-2022-39351 | 1 Owasp | 1 Dependency-track | 2024-02-28 | N/A | 4.4 MEDIUM |
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior and to regenerate API keys in case of leakage. |