Total
570 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35120 | 1 Ixpdata | 1 Easyinstall | 2024-08-03 | 8.8 High |
IXPdata EasyInstall 6.6.14725 contains an access control issue. | ||||
CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2024-08-03 | 4.1 Medium |
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | ||||
CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2024-08-03 | 7.5 High |
Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | ||||
CVE-2022-34388 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-08-03 | 7.1 High |
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. | ||||
CVE-2022-34339 | 1 Ibm | 1 Cognos Analytics | 2024-08-03 | 6.5 Medium |
"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963." | ||||
CVE-2022-34351 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-08-03 | 5.9 Medium |
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. | ||||
CVE-2022-33159 | 1 Ibm | 1 Security Directory Suite Va | 2024-08-03 | 5.3 Medium |
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. | ||||
CVE-2022-32217 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-03 | 5.3 Medium |
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | ||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 5.5 Medium |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | ||||
CVE-2022-31405 | 1 Mv Idigital Clinic Enterprise Project | 1 Mv Idigital Clinic Enterprise | 2024-08-03 | 6.5 Medium |
MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | ||||
CVE-2022-29620 | 1 Filezilla-project | 1 Filezilla Client | 2024-08-03 | 6.5 Medium |
FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability | ||||
CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-08-03 | 7.5 High |
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | ||||
CVE-2022-31004 | 1 Mitre | 1 Cve-services | 2024-08-03 | 7.5 High |
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. | ||||
CVE-2022-30275 | 1 Motorolasolutions | 1 Mdlc | 2024-08-03 | 7.5 High |
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. | ||||
CVE-2022-29868 | 1 1password | 1 1password | 2024-08-03 | 5.5 Medium |
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password. | ||||
CVE-2022-29826 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-08-03 | 6.8 Medium |
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. | ||||
CVE-2022-29832 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-08-03 | 3.7 Low |
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting. | ||||
CVE-2022-28214 | 1 Sap | 2 Businessobjects, Businessobjects Business Intelligence | 2024-08-03 | 7.8 High |
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. | ||||
CVE-2022-28162 | 1 Broadcom | 1 Sannav | 2024-08-03 | 3.3 Low |
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. | ||||
CVE-2022-26778 | 1 Veritas | 1 System Recovery | 2024-08-03 | 5.3 Medium |
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. |