Total
541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2022-08-13 | N/A | 8.8 HIGH |
| Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2022-29090 | 1 Dell | 1 Wyse Management Suite | 2022-08-12 | N/A | 6.5 MEDIUM |
| Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions. | |||||
| CVE-2021-41302 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2022-08-12 | 5.0 MEDIUM | 7.3 HIGH |
| ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. | |||||
| CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2022-08-08 | N/A | 7.5 HIGH |
| Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | |||||
| CVE-2021-42370 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2022-07-29 | 4.3 MEDIUM | 7.5 HIGH |
| A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.) | |||||
| CVE-2022-24660 | 1 Goldshell | 1 Goldshell Miner Firmware | 2022-07-27 | N/A | 7.5 HIGH |
| The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext. | |||||
| CVE-2019-15508 | 1 Octopus | 2 Server, Tentacle | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
| In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | |||||
| CVE-2019-15507 | 1 Octopus | 1 Server | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
| In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | |||||
| CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-23 | N/A | 7.5 HIGH |
| Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | |||||
| CVE-2021-38150 | 1 Sap | 1 Business Client | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. | |||||
| CVE-2021-36165 | 1 Riconmobile | 2 S9922l, S9922l Firmware | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. | |||||
| CVE-2020-4980 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-12 | 3.3 LOW | 6.5 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539. | |||||
| CVE-2020-35454 | 1 Taidii | 1 Diibear | 2022-07-12 | 2.1 LOW | 6.8 MEDIUM |
| The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. | |||||
| CVE-2021-45077 | 1 Netgear | 2 R6700, R6700 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. | |||||
| CVE-2021-37452 | 1 Nch | 1 Quorum | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | |||||
| CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2022-07-12 | 2.1 LOW | 3.3 LOW |
| NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | |||||
| CVE-2020-35455 | 1 Taidii | 1 Diibear | 2022-07-12 | 2.1 LOW | 7.8 HIGH |
| The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. | |||||
| CVE-2022-22366 | 1 Ibm | 1 Urbancode Deploy | 2022-07-08 | 2.1 LOW | 4.4 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. | |||||
| CVE-2022-22367 | 1 Ibm | 1 Urbancode Deploy | 2022-07-08 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. | |||||
| CVE-2022-22478 | 6 Apple, Hp, Ibm and 3 more | 7 Macos, Hp-ux, Aix and 4 more | 2022-07-08 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. | |||||