Total
633 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.1 MEDIUM |
| Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2022-43757 | 1 Suse | 1 Rancher | 2024-11-21 | N/A | 9.9 CRITICAL |
| A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | |||||
| CVE-2022-42284 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 6.2 MEDIUM |
| NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. | |||||
| CVE-2022-41740 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. | |||||
| CVE-2022-41734 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. | |||||
| CVE-2022-41248 | 1 Jenkins | 1 Bigpanda Notifier | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | |||||
| CVE-2022-3089 | 1 Echelon | 2 I.lon Vision, Smartserver | 2024-11-21 | N/A | 6.3 MEDIUM |
| Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. | |||||
| CVE-2022-39364 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2024-11-21 | N/A | 4.0 MEDIUM |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. | |||||
| CVE-2022-39351 | 1 Owasp | 1 Dependency-track | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior, and re-generating API keys in case of leakage. | |||||
| CVE-2022-38710 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292. | |||||
| CVE-2022-38112 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | N/A | 7.5 HIGH |
| In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. | |||||
| CVE-2022-37857 | 1 Hauk Project | 1 Hauk | 2024-11-21 | N/A | 7.5 HIGH |
| bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. | |||||
| CVE-2022-34924 | 1 Landray | 1 Landray Office Automation | 2024-11-21 | N/A | 7.5 HIGH |
| Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | |||||
| CVE-2022-34388 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | N/A | 7.1 HIGH |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. | |||||
| CVE-2022-34351 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. | |||||
| CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.4 MEDIUM |
| Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2022-33918 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | |||||
| CVE-2022-33159 | 1 Ibm | 1 Security Directory Suite Va | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. | |||||
| CVE-2022-31405 | 1 Mv Idigital Clinic Enterprise Project | 1 Mv Idigital Clinic Enterprise | 2024-11-21 | N/A | 6.5 MEDIUM |
| MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | |||||
| CVE-2022-31205 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
| In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||||