Total: 986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36617 | 1 Haystacksoftware | 1 Arq Backup | 2024-02-28 | N/A | 4.9 MEDIUM |
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. | |||||
CVE-2022-41247 | 1 Jenkins | 1 Bigpanda Notifier | 2024-02-28 | N/A | 4.3 MEDIUM |
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-33953 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. | |||||
CVE-2020-28865 | 1 Powerjob | 1 Powerjob | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue in PowerJob through 3.2.2 allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | |||||
CVE-2022-34202 | 1 Jenkins | 1 Easyqa | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-34807 | 1 Jenkins | 1 Elasticsearch Query | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-31085 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in the LAM main configuration. | |||||
CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | |||||
CVE-2022-1342 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | |||||
CVE-2022-27216 | 1 Jenkins | 1 Dbcharts | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-34799 | 1 Jenkins | 1 Deployment Dashboard | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-34213 | 1 Jenkins | 1 Squash Tm Publisher | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-34816 | 1 Jenkins | 1 Hpe Network Virtualization | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2021-33107 | 1 Intel | 446 Active Management Technology Software Development Kit, B150, B250 and 443 more | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
CVE-2021-39046 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 store user credentials in plain clear text which can be read by a privileged user. IBM X-Force ID: 214346. | |||||
CVE-2022-28651 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields. | |||||
CVE-2022-27179 | 1 Redlion | 2 Da50n, Da50n Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised. | |||||
CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
CVE-2022-1413 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface. | |||||
CVE-2022-30952 | 1 Jenkins | 1 Blue Ocean | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. |