Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22557 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 7.2 HIGH | 7.5 HIGH |
| PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2022-22554 | 1 Dell | 1 Emc System Update | 2024-11-21 | 2.1 LOW | 8.2 HIGH |
| Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords. | |||||
| CVE-2022-22550 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. | |||||
| CVE-2022-22458 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 6.3 MEDIUM |
| IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. | |||||
| CVE-2022-22396 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. | |||||
| CVE-2022-22251 | 1 Juniper | 2 Csrx, Junos | 2024-11-21 | N/A | 7.8 HIGH |
| On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. | |||||
| CVE-2022-21184 | 1 Atvise | 1 Atvise | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2022-20914 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 4.9 MEDIUM |
| A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server. Note: To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials. | |||||
| CVE-2022-20621 | 1 Jenkins | 1 Metrics | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-1794 | 2 Codesys, Microsoft | 2 Opc Da Server, Windows | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | |||||
| CVE-2022-1766 | 1 Anchore | 2 Anchore, Anchorectl | 2024-11-21 | N/A | 7.5 HIGH |
| Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue. | |||||
| CVE-2022-1666 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. | |||||
| CVE-2022-1413 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.4 MEDIUM |
| Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface | |||||
| CVE-2022-1342 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | |||||
| CVE-2022-1026 | 1 Kyocera | 1 Net Viewer | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. | |||||
| CVE-2022-0859 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.4 MEDIUM | 6.5 MEDIUM |
| McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password. | |||||
| CVE-2022-0738 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. | |||||
| CVE-2022-0184 | 1 Kingjim | 7 Sma3, Spc10, Spc10 Firmware and 4 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. | |||||
| CVE-2022-0019 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Globalprotect | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. | |||||
| CVE-2021-46440 | 1 Strapi | 1 Strapi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | |||||