Total
807 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43969 | 1 Ricoh | 154 Im 2500, Im 2500 Firmware, Im 2702 and 151 more | 2023-02-24 | N/A | 9.1 CRITICAL |
| Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. | |||||
| CVE-2023-25191 | 1 Ami | 1 Megarac Sp-x | 2023-02-24 | N/A | 7.5 HIGH |
| AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. | |||||
| CVE-2023-23466 | 1 Mediacp | 1 Media Control Panel | 2023-02-24 | N/A | 7.5 HIGH |
| Media CP Media Control Panel latest version. Insufficiently protected credential change. | |||||
| CVE-2023-23463 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2023-02-24 | N/A | 7.5 HIGH |
| Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | |||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2023-02-24 | N/A | 7.5 HIGH |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | |||||
| CVE-2023-24619 | 1 Redpanda | 1 Redpanda | 2023-02-23 | N/A | 5.5 MEDIUM |
| Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. | |||||
| CVE-2022-27774 | 4 Brocade, Debian, Haxx and 1 more | 16 Fabric Operating System, Debian Linux, Curl and 13 more | 2023-02-23 | 3.5 LOW | 5.7 MEDIUM |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | |||||
| CVE-2019-10424 | 1 Jenkins | 1 Eloyente | 2023-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10423 | 1 Jenkins | 1 Codescan | 2023-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10422 | 1 Jenkins | 1 Call Remote Job | 2023-02-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10421 | 1 Jenkins | 1 Azure Event Grid Notifier | 2023-02-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10419 | 1 Jenkins | 1 Vfabric Application Director | 2023-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10420 | 1 Jenkins | 1 Assembla | 2023-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10416 | 1 Jenkins | 1 Violation Comments To Gitlab | 2023-02-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10415 | 1 Jenkins | 1 Violation Comments To Gitlab | 2023-02-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10414 | 1 Jenkins | 1 Git Changelog | 2023-02-22 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10413 | 1 Jenkins | 1 Data Theorem Mobile App Security | 2023-02-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2022-38465 | 1 Siemens | 89 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 86 more | 2023-02-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication. | |||||
| CVE-2013-4423 | 1 Redhat | 1 Cloudforms | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| CloudForms stores user passwords in recoverable format | |||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2023-02-12 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||