Total
1020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22983 | 1 Vmware | 1 Workstation | 2022-08-15 | N/A | 5.9 MEDIUM |
| VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation. | |||||
| CVE-2021-35050 | 1 Fidelissecurity | 2 Deception, Network | 2022-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. | |||||
| CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2022-08-10 | N/A | 5.0 MEDIUM |
| HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | |||||
| CVE-2021-41972 | 1 Apache | 1 Superset | 2022-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. | |||||
| CVE-2021-1126 | 1 Cisco | 1 Firepower Management Center | 2022-08-05 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. | |||||
| CVE-2021-39342 | 1 Credova | 1 Financial | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | |||||
| CVE-2022-33169 | 1 Ibm | 1 Robotic Process Automation | 2022-08-05 | N/A | 6.5 MEDIUM |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. | |||||
| CVE-2021-28496 | 1 Arista | 1 Eos | 2022-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train | |||||
| CVE-2021-28171 | 1 Deltaflow Project | 1 Deltaflow | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. | |||||
| CVE-2021-28499 | 1 Arista | 2 7130, Metamako Operating System | 2022-07-29 | 2.1 LOW | 5.5 MEDIUM |
| In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train | |||||
| CVE-2021-33107 | 1 Intel | 446 Active Management Technology Software Development Kit, B150, B250 and 443 more | 2022-07-28 | 2.1 LOW | 4.6 MEDIUM |
| Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2022-07-27 | N/A | 6.5 MEDIUM |
| BigFix Web Reports authorized users may see SMTP credentials in clear text. | |||||
| CVE-2022-1766 | 1 Anchore | 2 Anchore, Anchorectl | 2022-07-27 | N/A | 7.5 HIGH |
| Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue. | |||||
| CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 6 Ubuntu Linux, Leap, Requests and 3 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2022-22998 | 2 Linux, Westerndigital | 5 Linux Kernel, My Cloud Home, My Cloud Home Duo and 2 more | 2022-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| Implemented protections on AWS credentials that were not properly protected. | |||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2022-07-14 | 2.1 LOW | 5.5 MEDIUM |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2021-27941 | 1 Coolkit | 1 Ewelink | 2022-07-12 | 2.1 LOW | 4.6 MEDIUM |
| Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. | |||||
| CVE-2021-39373 | 1 Samsung | 2 Drive Manager, H3 | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. | |||||
| CVE-2020-29323 | 1 Dlink | 2 Dir-885l-mfc, Dir-885l-mfc Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | |||||