Total
1109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-11-21 | 6.5 Medium |
| Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | ||||
| CVE-2022-28141 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 6.5 Medium |
| Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2024-11-21 | 6.5 Medium |
| Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-28005 | 1 3cx | 1 3cx | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | ||||
| CVE-2022-27776 | 7 Brocade, Debian, Fedoraproject and 4 more | 19 Fabric Operating System, Debian Linux, Fedora and 16 more | 2024-11-21 | 6.5 Medium |
| A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | ||||
| CVE-2022-27774 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-11-21 | 5.7 Medium |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | ||||
| CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2024-11-21 | 6 Medium |
| HCL VersionVault Express exposes administrator credentials. | ||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 4.9 Medium |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | ||||
| CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 5 Medium |
| BigFix Web Reports authorized users may see SMTP credentials in clear text. | ||||
| CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2024-11-21 | 4.3 Medium |
| Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27217 | 1 Jenkins | 1 Vmware Vrealize Codestream | 2024-11-21 | 6.5 Medium |
| Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27216 | 1 Jenkins | 1 Dbcharts | 2024-11-21 | 6.5 Medium |
| Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-27206 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 6.5 Medium |
| Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-27179 | 1 Redlion | 2 Da50n, Da50n Firmware | 2024-11-21 | 4.6 Medium |
| A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised. | ||||
| CVE-2022-26948 | 1 Rsa | 1 Archer | 2024-11-21 | 5.8 Medium |
| The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | ||||
| CVE-2022-26856 | 1 Dell | 1 Emc Repository Manager | 2024-11-21 | 8.2 High |
| Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | ||||
| CVE-2022-26844 | 1 Intel | 1 Single Event Api | 2024-11-21 | 7.8 High |
| Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-26341 | 1 Intel | 3 Active Management Technology Software Development Kit, Endpoint Management Assistant, Manageability Commander | 2024-11-21 | 8.2 High |
| Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-25184 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | ||||
| CVE-2022-25180 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 4.3 Medium |
| Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. | ||||