Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2022-10-01 | N/A | 6.5 MEDIUM |
| In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | |||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2022-09-30 | N/A | 4.9 MEDIUM |
| Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | |||||
| CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2022-09-30 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | |||||
| CVE-2021-34560 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2022-09-29 | 2.1 LOW | 5.5 MEDIUM |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. | |||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | |||||
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | |||||
| CVE-2020-8259 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 5.5 MEDIUM | 8.1 HIGH |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | |||||
| CVE-2022-36617 | 1 Haystacksoftware | 1 Arq Backup | 2022-09-14 | N/A | 4.9 MEDIUM |
| Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. | |||||
| CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2022-09-08 | N/A | 6.5 MEDIUM |
| HCL VersionVault Express exposes administrator credentials. | |||||
| CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2022-09-01 | N/A | 7.8 HIGH |
| A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-23019 | 1 F5 | 1 Nginx Controller | 2022-08-30 | 6.9 MEDIUM | 7.8 HIGH |
| The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. | |||||
| CVE-2022-34838 | 1 Abb | 1 Zenon | 2022-08-30 | N/A | 8.4 HIGH |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. | |||||
| CVE-2021-23207 | 1 Fresenius-kabi | 7 Agilia Connect, Agilia Partner Maintenance Software, Link\+ Agilia and 4 more | 2022-08-30 | 2.1 LOW | 5.5 MEDIUM |
| An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users. | |||||
| CVE-2012-5627 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2022-08-29 | 4.0 MEDIUM | N/A |
| Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. | |||||
| CVE-2018-1139 | 3 Canonical, Redhat, Samba | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2022-08-29 | 4.3 MEDIUM | 8.1 HIGH |
| A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. | |||||
| CVE-2022-34837 | 1 Abb | 1 Zenon | 2022-08-29 | N/A | 6.1 MEDIUM |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. | |||||
| CVE-2020-35992 | 1 Fiserv | 1 Prologue | 2022-08-25 | N/A | 6.5 MEDIUM |
| Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database. | |||||
| CVE-2022-36308 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 9.1 CRITICAL |
| Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-36307 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 6.8 MEDIUM |
| The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-22983 | 1 Vmware | 1 Workstation | 2022-08-15 | N/A | 5.9 MEDIUM |
| VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation. | |||||