Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23463 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2024-02-28 | N/A | 7.5 HIGH |
Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | |||||
CVE-2022-29833 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally. | |||||
CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2024-02-28 | N/A | 7.5 HIGH |
An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | |||||
CVE-2022-4312 | 1 Arcinformatique | 1 Pcvue | 2024-02-28 | N/A | 5.5 MEDIUM |
A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card. | |||||
CVE-2022-41732 | 1 Ibm | 1 Maximo Application Suite | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. | |||||
CVE-2022-4612 | 1 Clickstudios | 1 Passwordstate | 2024-02-28 | N/A | 6.5 MEDIUM |
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. | |||||
CVE-2022-32520 | 1 Schneider-electric | 1 Data Center Expert | 2024-02-28 | N/A | 9.8 CRITICAL |
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
CVE-2023-24619 | 1 Redpanda | 1 Redpanda | 2024-02-28 | N/A | 5.5 MEDIUM |
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. | |||||
CVE-2020-35992 | 1 Fiserv | 1 Prologue | 2024-02-28 | N/A | 6.5 MEDIUM |
Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database. | |||||
CVE-2020-15347 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 9.8 CRITICAL |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | |||||
CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2024-02-28 | N/A | 7.8 HIGH |
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2022-20914 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | N/A | 4.9 MEDIUM |
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server. Note: To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials. | |||||
CVE-2022-35411 | 1 Rpc.py Project | 1 Rpc.py | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. | |||||
CVE-2020-10710 | 1 Theforeman | 1 Foreman | 2024-02-28 | N/A | 4.4 MEDIUM |
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password. | |||||
CVE-2022-1794 | 2 Codesys, Microsoft | 2 Opc Da Server, Windows | 2024-02-28 | 4.7 MEDIUM | 5.5 MEDIUM |
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | |||||
CVE-2022-37193 | 1 Chipolo | 2 Chipolo, Chipolo One | 2024-02-28 | N/A | 7.4 HIGH |
Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. | |||||
CVE-2022-37109 | 1 Camp Project | 1 Camp | 2024-02-28 | N/A | 9.8 CRITICAL |
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie. | |||||
CVE-2022-28291 | 1 Tenable | 1 Nessus | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. | |||||
CVE-2022-38665 | 1 Jenkins | 1 Collabnet | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-41575 | 1 Gradle | 1 Enterprise | 2024-02-28 | N/A | 7.5 HIGH |
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. |