Total
1196 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-11-21 | 6.5 Medium |
| BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | ||||
| CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2024-11-21 | 4.6 Medium |
| Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | ||||
| CVE-2022-40678 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 7.4 High |
| An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. | ||||
| CVE-2022-3474 | 1 Google | 1 Bazel | 2024-11-21 | 4.3 Medium |
| A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. | ||||
| CVE-2022-39820 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | 6.5 Medium |
| In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | ||||
| CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.5 Medium |
| In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | ||||
| CVE-2022-38665 | 1 Jenkins | 1 Collabnet | 2024-11-21 | 6.5 Medium |
| Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-38663 | 1 Jenkins | 1 Git | 2024-11-21 | 6.5 Medium |
| Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | ||||
| CVE-2022-37783 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 7.5 High |
| All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework. | ||||
| CVE-2022-36901 | 1 Jenkins | 1 Http Request | 2024-11-21 | 6.5 Medium |
| Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-36617 | 1 Haystacksoftware | 1 Arq Backup | 2024-11-21 | 4.9 Medium |
| Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. | ||||
| CVE-2022-36308 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 9.1 Critical |
| Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-36307 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 6.8 Medium |
| The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-35411 | 1 Rpc.py Project | 1 Rpc.py | 2024-11-21 | 9.8 Critical |
| rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. | ||||
| CVE-2022-34838 | 1 Abb | 1 Zenon | 2024-11-21 | 8.1 High |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. | ||||
| CVE-2022-34837 | 1 Abb | 1 Zenon | 2024-11-21 | 6.2 Medium |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. | ||||
| CVE-2022-34816 | 1 Jenkins | 1 Hpe Network Virtualization | 2024-11-21 | 6.5 Medium |
| Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34809 | 1 Jenkins | 1 Rqm | 2024-11-21 | 6.5 Medium |
| Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34808 | 1 Jenkins | 1 Cisco Spark | 2024-11-21 | 4.3 Medium |
| Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34807 | 1 Jenkins | 1 Elasticsearch Query | 2024-11-21 | 6.5 Medium |
| Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||