CWE:

	Topic	Date	Author
Med.	ABUS Secvest Wireless Control Device Missing Encryption	24.06.2020	Thomas Detert
Med.	Fujitsu Wireless Keyboard Set LX390 Missing Encryption	24.10.2019	Matthias Deeg

---

CVEMAP Search Results

CVE

Details

Description

2022-09-13

CVE-2022-39014

Updating...

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

2022-07-13

Low

CVE-2022-20219

Vendor: Google Software: Android

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613

2022-07-07

Medium

CVE-2015-3207

Vendor: Openshift Software: Origin

In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.

2022-06-27

CVE-2022-31085

Updating...

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.

2022-06-14

Low

CVE-2021-40650

Vendor: Softwareag Software: Connx

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.

2022-06-02

CVE-2022-30237

Updating...

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

2022-05-25

CVE-2022-21951

Updating...

A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.

2022-04-01

Medium

CVE-2021-33020

Vendor: Philips Software: Myvue

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

2022-03-16

Low

CVE-2022-27225

Vendor: Gradle Software: Enterprise

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.

2022-03-15

Low

CVE-2022-27206

Vendor: Jenkins Software: Gitlab authe...

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

 

---

Copyright 2023, cxsecurity.com