Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32520 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | N/A | 8.0 HIGH |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
| CVE-2022-32519 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | N/A | 8.0 HIGH |
| A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
| CVE-2022-32518 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | N/A | 8.0 HIGH |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
| CVE-2022-31887 | 1 Marvalglobal | 1 Marval Msm | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password. | |||||
| CVE-2022-31130 | 1 Grafana | 1 Grafana | 2024-11-21 | N/A | 4.9 MEDIUM |
| Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. | |||||
| CVE-2022-31085 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. | |||||
| CVE-2022-31044 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. | |||||
| CVE-2022-30952 | 1 Jenkins | 1 Blue Ocean | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | |||||
| CVE-2022-30944 | 1 Intel | 2 Active Management Technology Firmware, Standard Manageability | 2024-11-21 | N/A | 5.5 MEDIUM |
| Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-30601 | 1 Intel | 2 Active Management Technology Firmware, Standard Manageability | 2024-11-21 | N/A | 9.8 CRITICAL |
| Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. | |||||
| CVE-2022-30587 | 1 Gradle | 1 Gradle Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | |||||
| CVE-2022-30296 | 1 Intel | 1 Datacenter Group Event | 2024-11-21 | N/A | 7.5 HIGH |
| Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2022-30231 | 1 Siemens | 1 Sicam Gridedge Essential | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another users password hash. | |||||
| CVE-2022-30018 | 1 Mobotix | 1 Mxcontrolcenter | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations. | |||||
| CVE-2022-2967 | 1 Prosysopc | 2 Ua Modbus Server, Ua Simulation Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data. | |||||
| CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | |||||
| CVE-2022-2103 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 6.4 MEDIUM | 9.8 CRITICAL |
| An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | |||||
| CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2024-11-21 | N/A | 5.5 MEDIUM |
| Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. | |||||
| CVE-2022-29839 | 2 Linux, Westerndigital | 12 Linux Kernel, My Cloud, My Cloud Dl2100 and 9 more | 2024-11-21 | N/A | 4.1 MEDIUM |
| Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | |||||
| CVE-2022-29833 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-11-21 | N/A | 6.8 MEDIUM |
| Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally. | |||||