Total
1020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21031 | 1 Plex | 1 Media Server | 2022-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product. | |||||
| CVE-2019-0178 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2022-04-18 | 3.3 LOW | 3.6 LOW |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-45892 | 1 Zauner | 1 Arc | 2022-04-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format. | |||||
| CVE-2021-32978 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. | |||||
| CVE-2022-1026 | 1 Kyocera | 1 Net Viewer | 2022-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. | |||||
| CVE-2021-33024 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | |||||
| CVE-2022-0738 | 1 Gitlab | 1 Gitlab | 2022-04-07 | 4.3 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. | |||||
| CVE-2020-11694 | 2 Jetbrains, Microsoft | 2 Pycharm, Windows | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. | |||||
| CVE-2022-26948 | 1 Rsa | 1 Archer | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | |||||
| CVE-2019-16672 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2022-04-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | |||||
| CVE-2021-40857 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2022-03-31 | 6.5 MEDIUM | 8.8 HIGH |
| Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | |||||
| CVE-2022-22908 | 1 Sangfor | 1 Vdi Client | 2022-03-07 | 2.1 LOW | 5.5 MEDIUM |
| SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. | |||||
| CVE-2022-24610 | 1 Alecto | 2 Dvc-215ip, Dvc-215ip Firmware | 2022-03-03 | 5.0 MEDIUM | 8.6 HIGH |
| Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible which grants access to an internal network connected to the camera. | |||||
| CVE-2022-24982 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials. | |||||
| CVE-2022-0019 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Globalprotect | 2022-02-17 | 1.9 LOW | 5.5 MEDIUM |
| An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. | |||||
| CVE-2021-44451 | 1 Apache | 1 Superset | 2022-02-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher. | |||||
| CVE-2016-9360 | 1 Ge | 3 Cimplicity, Historian, Ifix | 2022-02-03 | 4.4 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. | |||||
| CVE-2017-6028 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2022-02-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. | |||||
| CVE-2015-3962 | 1 Schneider-electric | 1 Struxureware Building Expert Multi-purpose Management | 2022-02-02 | 5.0 MEDIUM | N/A |
| Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2022-0184 | 1 Kingjim | 7 Sma3, Spc10, Spc10 Firmware and 4 more | 2022-01-28 | 3.3 LOW | 4.3 MEDIUM |
| Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. | |||||