Total: 986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36901 | 1 Jenkins | 1 Http Request | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2024-02-28 | N/A | 7.5 HIGH |
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | |||||
CVE-2022-45392 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2024-02-28 | N/A | 4.9 MEDIUM |
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | |||||
CVE-2022-22998 | 2 Linux, Westerndigital | 5 Linux Kernel, My Cloud Home, My Cloud Home Duo and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Implemented protections on AWS credentials that were not properly protected. | |||||
CVE-2022-1766 | 1 Anchore | 2 Anchore, Anchorectl | 2024-02-28 | N/A | 7.5 HIGH |
Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue. | |||||
CVE-2022-45384 | 1 Jenkins | 1 Reverse Proxy Auth | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
CVE-2022-38663 | 1 Jenkins | 1 Git | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | |||||
CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
HCL Launch stores user credentials in plain clear text which can be read by a local user. | |||||
CVE-2022-30296 | 1 Intel | 1 Datacenter Group Event | 2024-02-28 | N/A | 7.5 HIGH |
Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2024-02-28 | N/A | 6.5 MEDIUM |
HCL VersionVault Express exposes administrator credentials. | |||||
CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2024-02-28 | N/A | 6.5 MEDIUM |
BigFix Web Reports authorized users may see SMTP credentials in clear text. | |||||
CVE-2020-15341 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 7.5 HIGH |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | |||||
CVE-2021-36783 | 1 Suse | 1 Rancher | 2024-02-28 | N/A | 9.9 CRITICAL |
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. | |||||
CVE-2022-26844 | 1 Intel | 1 Single Event Api | 2024-02-28 | N/A | 7.8 HIGH |
Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-38121 | 1 Upspowercom | 1 Upsmon Pro | 2024-02-28 | N/A | 6.5 MEDIUM |
UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users' and administrators' account names and passwords via this unprotected configuration file. | |||||
CVE-2022-26341 | 1 Intel | 3 Active Management Technology Software Development Kit, Endpoint Management Assistant, Manageability Commander | 2024-02-28 | N/A | 8.8 HIGH |
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-36308 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-02-28 | N/A | 9.1 CRITICAL |
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models. | |||||
CVE-2022-43419 | 1 Jenkins | 1 Katalon | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2024-02-28 | N/A | 5.5 MEDIUM |
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. |