• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-312

CVE-2022-28162

February 23, 2023 by godfreyd94

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

CVE-2022-2805

February 23, 2023 by godfreyd94

A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.

CVE-2022-26778

February 23, 2023 by godfreyd94

Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

CVE-2022-26307

February 23, 2023 by godfreyd94

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.

CVE-2022-26148

February 23, 2023 by godfreyd94

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.

CVE-2022-2569

February 23, 2023 by godfreyd94

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 53
  • Go to page 54
  • Go to page 55
  • Go to page 56
  • Go to page 57
  • Interim pages omitted …
  • Go to page 60
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE