Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20046 | 1 Cisco | 6 Asr 5000, Asr 5500, Asr 5700 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability. | |||||
| CVE-2023-1778 | 1 Gajshield | 2 Data Security Firewall, Data Security Firewall Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | |||||
| CVE-2023-1763 | 2 Apple, Canon | 3 Mac Os X, Macos, Ij Network Tool | 2024-11-21 | N/A | 6.5 MEDIUM |
| Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | |||||
| CVE-2023-1633 | 2 Openstack, Redhat | 2 Barbican, Openstack Platform | 2024-11-21 | N/A | 6.6 MEDIUM |
| A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | |||||
| CVE-2023-1574 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | |||||
| CVE-2023-1518 | 1 Cpplusworld | 1 Kvms Pro | 2024-11-21 | N/A | 7.8 HIGH |
| CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected. | |||||
| CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 6.5 MEDIUM |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | |||||
| CVE-2023-0457 | 1 Mitsubishielectric | 76 Fx5-enet, Fx5-enet\/ip, Fx5-enet\/ip Firmware and 73 more | 2024-11-21 | N/A | 7.5 HIGH |
| Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | |||||
| CVE-2022-4926 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4693 | 1 Pickplugins | 1 User Verification | 2024-11-21 | N/A | 9.8 CRITICAL |
| The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website. | |||||
| CVE-2022-4612 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4312 | 1 Arcinformatique | 1 Pcvue | 2024-11-21 | N/A | 5.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card. | |||||
| CVE-2022-4308 | 1 Secomea | 1 Gatemanager | 2024-11-21 | N/A | 6.1 MEDIUM |
| Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | |||||
| CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 6.1 MEDIUM |
| In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | |||||
| CVE-2022-47880 | 1 Jedox | 2 Jedox, Jedox Cloud | 2024-11-21 | N/A | 5.3 MEDIUM |
| An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | |||||
| CVE-2022-47561 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | N/A | 7.3 HIGH |
| The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. | |||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2024-11-21 | N/A | 7.3 HIGH |
| The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | |||||
| CVE-2022-47037 | 1 Siklu | 9 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 6 more | 2024-11-21 | N/A | 7.5 HIGH |
| Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | |||||
| CVE-2022-45859 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | N/A | 4.1 MEDIUM |
| An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | |||||
| CVE-2022-45611 | 1 Fresenius-kabi | 2 Pharmahelp, Pharmahelp Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | |||||