Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29588 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files. | |||||
| CVE-2022-29507 | 1 Intel | 1 Team Blue | 2024-11-21 | N/A | 5.5 MEDIUM |
| Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | |||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2024-11-21 | N/A | 6.4 MEDIUM |
| Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | |||||
| CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2022-28651 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
| In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | |||||
| CVE-2022-28291 | 1 Tenable | 1 Nessus | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. | |||||
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | |||||
| CVE-2022-28141 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-28005 | 1 3cx | 1 3cx | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | |||||
| CVE-2022-27776 | 6 Brocade, Debian, Fedoraproject and 3 more | 18 Fabric Operating System, Debian Linux, Fedora and 15 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | |||||
| CVE-2022-27774 | 5 Brocade, Debian, Haxx and 2 more | 17 Fabric Operating System, Debian Linux, Curl and 14 more | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | |||||
| CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2024-11-21 | N/A | 6.0 MEDIUM |
| HCL VersionVault Express exposes administrator credentials. | |||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 2.1 LOW | 4.9 MEDIUM |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | N/A | 5.0 MEDIUM |
| BigFix Web Reports authorized users may see SMTP credentials in clear text. | |||||
| CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2022-27217 | 1 Jenkins | 1 Vmware Vrealize Codestream | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2022-27216 | 1 Jenkins | 1 Dbcharts | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||