Total
532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33716 | 1 Siemens | 4 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware, Simatic Cp 1545-1 and 1 more | 2022-12-08 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. | |||||
| CVE-2019-4566 | 1 Ibm | 1 Security Key Lifecycle Manager | 2022-12-07 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. | |||||
| CVE-2022-35120 | 1 Ixpdata | 1 Easyinstall | 2022-12-06 | N/A | 8.8 HIGH |
| IXPdata EasyInstall 6.6.14725 contains an access control issue. | |||||
| CVE-2022-24188 | 1 Sz-fujia | 1 Ourphoto | 2022-12-01 | N/A | 7.5 HIGH |
| The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality. | |||||
| CVE-2022-35279 | 1 Ibm | 1 Business Automation Workflow | 2022-11-10 | N/A | 4.3 MEDIUM |
| "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." | |||||
| CVE-2022-42956 | 1 Passwork | 1 Passwork | 2022-11-08 | N/A | 7.5 HIGH |
| The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. | |||||
| CVE-2022-42955 | 1 Passwork | 1 Passwork | 2022-11-08 | N/A | 7.5 HIGH |
| The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. | |||||
| CVE-2022-2805 | 1 Redhat | 1 Virtualization | 2022-11-07 | N/A | 6.5 MEDIUM |
| A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. | |||||
| CVE-2022-34339 | 1 Ibm | 1 Cognos Analytics | 2022-11-04 | N/A | 6.5 MEDIUM |
| "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963." | |||||
| CVE-2021-39009 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-11-03 | N/A | 5.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. | |||||
| CVE-2022-39364 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2022-10-31 | N/A | 6.5 MEDIUM |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. | |||||
| CVE-2022-39351 | 1 Owasp | 1 Dependency-track | 2022-10-28 | N/A | 4.4 MEDIUM |
| Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior, and re-generating API keys in case of leakage. | |||||
| CVE-2020-15325 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-10-27 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | |||||
| CVE-2020-15332 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-10-27 | N/A | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | |||||
| CVE-2021-23182 | 1 Gallagher | 1 Command Centre | 2022-10-25 | 2.1 LOW | 4.4 MEDIUM |
| Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. | |||||
| CVE-2021-32942 | 1 Aveva | 2 Intouch 2017, Intouch 2020 | 2022-10-25 | 2.1 LOW | 5.5 MEDIUM |
| The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. | |||||
| CVE-2022-3540 | 1 Hunter2 Project | 1 Hunter2 | 2022-10-20 | N/A | 6.5 MEDIUM |
| An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses | |||||
| CVE-2022-33918 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 5.5 MEDIUM |
| Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | |||||
| CVE-2020-9045 | 2 Johnsoncontrols, Tyco | 2 C-cure 9000 Firmware, Victor Video Management System | 2022-10-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | |||||
| CVE-2021-40363 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2022-10-06 | 2.1 LOW | 7.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system. | |||||