Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-522
Total 807 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14391 2 Gnome, Redhat 5 Control Center, Enterprise Linux, Enterprise Linux Aus and 2 more 2023-02-12 2.1 LOW 5.5 MEDIUM
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
CVE-2020-14334 1 Redhat 1 Satellite 2023-02-12 4.6 MEDIUM 8.8 HIGH
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.
CVE-2019-10205 1 Redhat 1 Quay 2023-02-12 4.6 MEDIUM 6.3 MEDIUM
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
CVE-2019-10139 1 Ovirt 1 Cockpit-ovirt 2023-02-12 2.1 LOW 7.8 HIGH
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
CVE-2022-0718 3 Debian, Openstack, Redhat 4 Debian Linux, Oslo.utils, Openshift Container Platform and 1 more 2023-02-12 N/A 4.9 MEDIUM
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
CVE-2022-47697 1 Comfast Project 2 Cf-wr623n, Cf-wr623n Firmware 2023-02-07 N/A 9.8 CRITICAL
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.
CVE-2022-32519 1 Schneider-electric 1 Data Center Expert 2023-02-07 N/A 9.8 CRITICAL
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)
CVE-2022-32518 1 Schneider-electric 1 Data Center Expert 2023-02-07 N/A 9.8 CRITICAL
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)
CVE-2022-32520 1 Schneider-electric 1 Data Center Expert 2023-02-07 N/A 9.8 CRITICAL
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)
CVE-2019-4307 1 Ibm 1 Security Guardium Big Data Intelligence 2023-02-03 2.1 LOW 5.5 MEDIUM
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987.
CVE-2019-4059 1 Ibm 1 Rational Clearcase 2023-02-03 5.0 MEDIUM 9.8 CRITICAL
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
CVE-2019-4239 2 Ibm, Redhat 2 Cloud Private, Openshift 2023-02-03 2.1 LOW 5.5 MEDIUM
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.
CVE-2021-22798 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2023-02-02 5.0 MEDIUM 7.5 HIGH
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox (All Versions)
CVE-2022-43959 1 Bitrix24 1 Bitrix24 2023-02-02 N/A 4.9 MEDIUM
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
CVE-2021-23222 1 Postgresql 1 Postgresql 2023-01-31 4.3 MEDIUM 5.9 MEDIUM
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVE-2022-23538 1 Sylabs 1 Singularity Container Services Library 2023-01-30 N/A 7.6 HIGH
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server, to perform a multi-part concurrent download. Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user. The vulnerable multi-part concurrent download flow, with redirect to S3, is only used when communicating with a Singularity Enterprise 1.x installation, or third party server implementing this flow. Interaction with Singularity Enterprise 2.x, and Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow. We encourage all users to update. Users who interact with a Singularity Enterprise 1.x installation, using a 3rd party S3 storage service, are advised to revoke and recreate their authentication tokens within Singularity Enterprise. There is no workaround available at this time.
CVE-2019-4385 1 Ibm 1 Spectrum Protect Plus 2023-01-30 2.1 LOW 6.5 MEDIUM
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
CVE-2022-40845 1 Tenda 2 Ac1200 V-w15ev2, W15e Firmware 2023-01-27 N/A 6.5 MEDIUM
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have.
CVE-2022-41859 1 Freeradius 1 Freeradius 2023-01-24 N/A 7.5 HIGH
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
CVE-2021-36204 1 Johnsoncontrols 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server 2023-01-23 N/A 7.5 HIGH
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.