Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26948 | 1 Rsa | 1 Archer | 2022-04-05 | 7.5 High |
| The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | ||||
| CVE-2019-16672 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2022-04-01 | 9.8 Critical |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | ||||
| CVE-2021-40857 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2022-03-31 | 8.8 High |
| Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | ||||
| CVE-2022-22908 | 1 Sangfor | 1 Vdi Client | 2022-03-07 | 5.5 Medium |
| SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. | ||||
| CVE-2022-24610 | 1 Alecto | 2 Dvc-215ip, Dvc-215ip Firmware | 2022-03-03 | 8.6 High |
| Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible which grants access to an internal network connected to the camera. | ||||
| CVE-2022-24982 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 6.5 Medium |
| Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials. | ||||
| CVE-2022-0019 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Globalprotect | 2022-02-17 | 5.5 Medium |
| An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. | ||||
| CVE-2021-44451 | 1 Apache | 1 Superset | 2022-02-05 | 6.5 Medium |
| Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher. | ||||
| CVE-2016-9360 | 1 Ge | 3 Cimplicity, Historian, Ifix | 2022-02-03 | 6.7 Medium |
| An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. | ||||
| CVE-2017-6028 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2022-02-03 | 9.8 Critical |
| An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. | ||||
| CVE-2015-3962 | 1 Schneider-electric | 1 Struxureware Building Expert Multi-purpose Management | 2022-02-02 | N/A |
| Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | ||||
| CVE-2022-0184 | 1 Kingjim | 7 Sma3, Spc10, Spc10 Firmware and 4 more | 2022-01-28 | 4.3 Medium |
| Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. | ||||
| CVE-2022-22554 | 1 Dell | 1 Emc System Update | 2022-01-28 | 5.5 Medium |
| Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords. | ||||
| CVE-2021-20826 | 1 Idec | 7 Data File Manager, Microsmart Fc6a, Microsmart Fc6a Firmware and 4 more | 2022-01-11 | 7.6 High |
| Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted. | ||||
| CVE-2021-37400 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2022-01-07 | 9.8 Critical |
| An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | ||||
| CVE-2021-37401 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2022-01-07 | 9.8 Critical |
| An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | ||||
| CVE-2021-20164 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-07 | 4.9 Medium |
| Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. | ||||
| CVE-2021-20163 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-07 | 4.9 Medium |
| Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. | ||||
| CVE-2019-10921 | 1 Siemens | 2 Logo\!8 Bm, Logo\!8 Bm Firmware | 2022-01-04 | 7.5 High |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known | ||||
| CVE-2020-6794 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2022-01-01 | 6.5 Medium |
| If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | ||||