ReportizFlow
Filtered by vendor
Subscriptions
Total
1126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 6.5 Medium |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | ||||
| CVE-2023-0457 | 1 Mitsubishielectric | 76 Fx5-enet, Fx5-enet\/ip, Fx5-enet\/ip Firmware and 73 more | 2024-11-21 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | ||||
| CVE-2022-4926 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-4693 | 1 Pickplugins | 1 User Verification | 2024-11-21 | 9.8 Critical |
| The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website. | ||||
| CVE-2022-4612 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4312 | 1 Arcinformatique | 1 Pcvue | 2024-11-21 | 5.5 Medium |
| A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card. | ||||
| CVE-2022-4308 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 6.1 Medium |
| Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | ||||
| CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.1 Medium |
| In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | ||||
| CVE-2022-47880 | 1 Jedox | 2 Jedox, Jedox Cloud | 2024-11-21 | 5.3 Medium |
| An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | ||||
| CVE-2022-47561 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 7.3 High |
| The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. | ||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2024-11-21 | 7.3 High |
| The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | ||||
| CVE-2022-47037 | 1 Siklu | 9 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 6 more | 2024-11-21 | 7.5 High |
| Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | ||||
| CVE-2022-46155 | 1 Airtable | 1 Airtable | 2024-11-21 | 7.6 High |
| Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during Browserify builds due to being referenced in Airtable.js code. This only affects copies of Airtable.js built from its source, not those installed via npm or yarn. Airtable API keys set in users’ environments via the AIRTABLE_API_KEY environment variable may be bundled into local copies of Airtable.js source code if all of the following conditions are met: 1) the user has cloned the Airtable.js source onto their machine, 2) the user runs the `npm prepare` script, and 3) the user' has the AIRTABLE_API_KEY environment variable set. If these conditions are met, a user’s local build of Airtable.js would be modified to include the value of the AIRTABLE_API_KEY environment variable, which could then be accidentally shipped in the bundled code. Users who do not meet all three of these conditions are not impacted by this issue. Users should upgrade to Airtable.js version 0.11.6 or higher; or, as a workaround unset the AIRTABLE_API_KEY environment variable in their shell and/or remove it from your .bashrc, .zshrc, or other shell configuration files. Users should also regenerate any Airtable API keys they use, as the keysy may be present in bundled code. | ||||
| CVE-2022-46142 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2024-11-21 | 5.7 Medium |
| Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. | ||||
| CVE-2022-45859 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 3.9 Low |
| An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | ||||
| CVE-2022-45599 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2024-11-21 | 9.8 Critical |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password. | ||||
| CVE-2022-45392 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 6.5 Medium |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-45384 | 1 Jenkins | 1 Reverse Proxy Auth | 2024-11-21 | 6.5 Medium |
| Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | ||||
| CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
| BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | ||||
| CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
| BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | ||||