ReportizFlow
Filtered by vendor
Subscriptions
Total
626 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35120 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 8.8 High |
| IXPdata EasyInstall 6.6.14725 contains an access control issue. | ||||
| CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2024-11-21 | 7.5 High |
| Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | ||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2024-11-21 | 4.1 Medium |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | ||||
| CVE-2022-34388 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.1 High |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. | ||||
| CVE-2022-34351 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. | ||||
| CVE-2022-34339 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 6.5 Medium |
| "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963." | ||||
| CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.4 Medium |
| Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
| CVE-2022-33918 | 1 Dell | 1 Geodrive | 2024-11-21 | 5.5 Medium |
| Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | ||||
| CVE-2022-32217 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 5.3 Medium |
| A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | ||||
| CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.5 Medium |
| The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | ||||
| CVE-2022-31405 | 1 Mv Idigital Clinic Enterprise Project | 1 Mv Idigital Clinic Enterprise | 2024-11-21 | 6.5 Medium |
| MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | ||||
| CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-11-21 | 7.5 High |
| In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | ||||
| CVE-2022-31004 | 1 Mitre | 1 Cve-services | 2024-11-21 | 7.5 High |
| CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. | ||||
| CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 6.3 Medium |
| Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | ||||
| CVE-2022-30275 | 1 Motorolasolutions | 1 Mdlc | 2024-11-21 | 7.5 High |
| The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. | ||||
| CVE-2022-2813 | 1 Guest Management System Project | 1 Guest Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400. | ||||
| CVE-2022-2805 | 1 Redhat | 2 Rhev Manager, Virtualization | 2024-11-21 | 6.5 Medium |
| A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. | ||||
| CVE-2022-2739 | 2 Podman Project, Redhat | 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2024-11-21 | 5.3 Medium |
| The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | ||||
| CVE-2022-2569 | 1 Arcinformatique | 1 Pcvue | 2024-11-21 | 5.5 Medium |
| The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users | ||||
| CVE-2022-2513 | 1 Hitachienergy | 6 650connectivitypackage, 670connectivitypackage, Gms600connectivitypackage and 3 more | 2024-11-21 | 7.1 High |
| A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. | ||||