Total
1070 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2024-08-03 | 5.5 Medium |
| Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. | ||||
| CVE-2022-29839 | 2 Linux, Westerndigital | 12 Linux Kernel, My Cloud, My Cloud Dl2100 and 9 more | 2024-08-03 | 4.1 Medium |
| Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | ||||
| CVE-2022-29833 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-08-03 | 6.8 Medium |
| Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally. | ||||
| CVE-2022-29588 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-08-03 | 7.5 High |
| Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files. | ||||
| CVE-2022-29507 | 1 Intel | 1 Team Blue | 2024-08-03 | 5.5 Medium |
| Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2024-08-03 | 8.8 High |
| Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | ||||
| CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2024-08-03 | 4.3 Medium |
| Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-28651 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 8.4 High |
| In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | ||||
| CVE-2022-28291 | 1 Tenable | 1 Nessus | 2024-08-03 | 6.5 Medium |
| Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. | ||||
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-08-03 | 6.5 Medium |
| Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | ||||
| CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2024-08-03 | 6.5 Medium |
| Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-28141 | 1 Jenkins | 1 Proxmox | 2024-08-03 | 6.5 Medium |
| Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-28005 | 1 3cx | 1 3cx | 2024-08-03 | 9.8 Critical |
| An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | ||||
| CVE-2022-27774 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-08-03 | 5.7 Medium |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | ||||
| CVE-2022-27776 | 7 Brocade, Debian, Fedoraproject and 4 more | 19 Fabric Operating System, Debian Linux, Fedora and 16 more | 2024-08-03 | 6.5 Medium |
| A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | ||||
| CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2024-08-03 | 4.3 Medium |
| Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27217 | 1 Jenkins | 1 Vmware Vrealize Codestream | 2024-08-03 | 6.5 Medium |
| Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27206 | 1 Jenkins | 1 Gitlab Authentication | 2024-08-03 | 6.5 Medium |
| Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-27216 | 1 Jenkins | 1 Dbcharts | 2024-08-03 | 6.5 Medium |
| Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-26948 | 1 Rsa | 1 Archer | 2024-08-03 | 5.8 Medium |
| The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | ||||