Total: 807 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42306 | 1 Microsoft | 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Azure Active Directory Information Disclosure Vulnerability | |||||
CVE-2021-39046 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a privileged user. IBM X-Force ID: 214346. | |||||
CVE-2021-20410 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2022-07-12 | 3.5 LOW | 5.3 MEDIUM |
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190. | |||||
CVE-2020-26515 | 1 Intland | 1 Codebeamer Application Lifecycle Management | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key. | |||||
CVE-2021-34075 | 1 Artica | 1 Pandora Fms | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | |||||
CVE-2021-36382 | 1 Devolutions | 1 Devolutions Server | 2022-07-12 | 4.3 MEDIUM | 3.7 LOW |
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | |||||
CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
CVE-2021-30948 | 1 Apple | 2 Ipados, Iphone Os | 2022-07-12 | 2.1 LOW | 4.6 MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. | |||||
CVE-2022-34808 | 1 Jenkins | 1 Cisco Spark | 2022-07-08 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-31887 | 1 Marvalglobal | 1 Marval Msm | 2022-07-07 | 5.0 MEDIUM | 9.8 CRITICAL |
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization; this means that the user can also achieve privilege escalation by changing the administrator password. | |||||
CVE-2021-30651 | 1 Broadcom | 1 Symantec Messaging Gateway | 2022-07-07 | 4.0 MEDIUM | 4.9 MEDIUM |
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | |||||
CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2022-07-06 | 4.0 MEDIUM | 6.5 MEDIUM |
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | |||||
CVE-2022-33953 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2022-07-05 | 2.1 LOW | 4.6 MEDIUM |
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. | |||||
CVE-2022-2103 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-05 | 6.4 MEDIUM | 9.1 CRITICAL |
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | |||||
CVE-2022-1666 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-05 | 4.0 MEDIUM | 6.5 MEDIUM |
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. | |||||
CVE-2021-32003 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2022-07-02 | 2.1 LOW | 5.5 MEDIUM |
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. | |||||
CVE-2020-7299 | 1 Mcafee | 1 True Key | 2022-07-01 | 1.9 LOW | 4.1 MEDIUM |
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access another user’s passwords on the same machine via triggering a process dump in specific situations. | |||||
CVE-2020-7306 | 1 Mcafee | 1 Data Loss Prevention | 2022-07-01 | 2.1 LOW | 5.2 MEDIUM |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text. | |||||
CVE-2022-21184 | 1 Atvise | 1 Atvise | 2022-06-30 | 4.3 MEDIUM | 5.9 MEDIUM |
An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
CVE-2022-34213 | 1 Jenkins | 1 Squash Tm Publisher | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||