Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32518 | 1 Schneider-electric | 1 Data Center Expert | 2023-02-07 | 9.8 Critical |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) | ||||
| CVE-2022-32520 | 1 Schneider-electric | 1 Data Center Expert | 2023-02-07 | 9.8 Critical |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) | ||||
| CVE-2019-4307 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2023-02-03 | 5.5 Medium |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987. | ||||
| CVE-2019-4059 | 1 Ibm | 1 Rational Clearcase | 2023-02-03 | 9.8 Critical |
| IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. | ||||
| CVE-2019-4239 | 2 Ibm, Redhat | 2 Cloud Private, Openshift | 2023-02-03 | 5.5 Medium |
| IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. | ||||
| CVE-2019-4385 | 1 Ibm | 1 Spectrum Protect Plus | 2023-01-30 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173. | ||||
| CVE-2022-41859 | 1 Freeradius | 1 Freeradius | 2023-01-24 | 7.5 High |
| In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. | ||||
| CVE-2021-36204 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2023-01-23 | 7.5 High |
| Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text. | ||||
| CVE-2019-11402 | 1 Gradle | 1 Enterprise | 2023-01-20 | 9.8 Critical |
| In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. | ||||
| CVE-2022-2967 | 1 Prosysopc | 2 Ua Modbus Server, Ua Simulation Server | 2023-01-10 | 7.5 High |
| Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data. | ||||
| CVE-2022-4612 | 1 Clickstudios | 1 Passwordstate | 2022-12-23 | 6.5 Medium |
| A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-29839 | 2 Linux, Westerndigital | 12 Linux Kernel, My Cloud, My Cloud Dl2100 and 9 more | 2022-12-12 | 5.5 Medium |
| Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | ||||
| CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-09 | 8.8 High |
| An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. | ||||
| CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-09 | 4.4 Medium |
| A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | ||||
| CVE-2020-10710 | 1 Theforeman | 1 Foreman | 2022-12-08 | 4.4 Medium |
| A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password. | ||||
| CVE-2019-3938 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2022-12-06 | 7.8 High |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | ||||
| CVE-2022-43442 | 1 Fsi | 2 Fs040u, Fs040u Firmware | 2022-12-06 | 4.6 Medium |
| Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console. | ||||
| CVE-2022-26341 | 1 Intel | 3 Active Management Technology Software Development Kit, Endpoint Management Assistant, Manageability Commander | 2022-11-17 | 8.8 High |
| Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-38121 | 1 Upspowercom | 1 Upsmon Pro | 2022-11-15 | 6.5 Medium |
| UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file. | ||||
| CVE-2022-36077 | 2 Electronjs, Microsoft | 2 Electron, Windows | 2022-11-09 | 6.1 Medium |
| The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround. | ||||