Total
801 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33724 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | ||||
| CVE-2022-32245 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 8.2 High |
| SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application. | ||||
| CVE-2022-31204 | 1 Omron | 15 Cp1w-cif41, Cp1w-cif41 Firmware, Cx-programmer and 12 more | 2024-11-21 | 7.5 High |
| Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. | ||||
| CVE-2022-30994 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 7.5 High |
| Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 | ||||
| CVE-2022-30993 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 7.5 High |
| Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | ||||
| CVE-2022-30115 | 3 Haxx, Netapp, Splunk | 15 Curl, Clustered Data Ontap, H300s and 12 more | 2024-11-21 | 4.3 Medium |
| Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL. | ||||
| CVE-2022-2083 | 1 Simple Sign On Project | 1 Simple Sign On | 2024-11-21 | 7.5 High |
| The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. | ||||
| CVE-2022-29945 | 1 Dji | 22 Air 2, Air 2 Firmware, Air 2s and 19 more | 2024-11-21 | 4 Medium |
| DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. | ||||
| CVE-2022-29874 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. | ||||
| CVE-2022-29733 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2024-11-21 | 5.9 Medium |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | ||||
| CVE-2022-29519 | 1 Yokogawa | 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more | 2024-11-21 | 7.5 High |
| Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware. | ||||
| CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-11-21 | 5.9 Medium |
| The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | ||||
| CVE-2022-27619 | 1 Synology | 1 Note Station | 2024-11-21 | 6.8 Medium |
| Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2022-25805 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials. | ||||
| CVE-2022-25180 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 4.3 Medium |
| Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. | ||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | ||||
| CVE-2022-23105 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 6.5 Medium |
| Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | ||||
| CVE-2022-22385 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | 5.9 Medium |
| IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962. | ||||
| CVE-2022-21951 | 1 Suse | 1 Rancher | 2024-11-21 | 6.8 Medium |
| A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. | ||||
| CVE-2022-21829 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.8 Critical |
| Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520. | ||||