CWE:
 

Topic | Date | Author
Med. ABUS Secvest Wireless Control Device Missing Encryption | 24.06.2020 | Thomas Detert
Med. Fujitsu Wireless Keyboard Set LX390 Missing Encryption | 24.10.2019 | Matthias Deeg


CVEMAP Search Results

CVE
Details
Description
2022-09-13
Waiting for details
CVE-2022-39014

 

 
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

 
2022-07-13
Low
CVE-2022-20219

Vendor: Google
Software: Android
 

 
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-224585613

 
2022-07-07
Medium
CVE-2015-3207

Vendor: Openshift
Software: Origin
 

 
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.

 
2022-06-27
Waiting for details
CVE-2022-31085

 

 
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.

 
2022-06-14
Low
CVE-2021-40650

Vendor: Softwareag
Software: Connx
 

 
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.

 
2022-06-02
Waiting for details
CVE-2022-30237

 

 
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

 
2022-05-25
Waiting for details
CVE-2022-21951

 

 
A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.

 
2022-04-01
Medium
CVE-2021-33020

Vendor: Philips
Software: Myvue
 

 
Philips Vue PACS versions 12.2.x.x and prior use a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

 
2022-03-16
Low
CVE-2022-27225

Vendor: Gradle
Software: Enterprise
 

 
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.

 
2022-03-15
Low
CVE-2022-27206

Vendor: Jenkins
Software: Gitlab authe...
 

 
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

 

 


Copyright 2023, cxsecurity.com

 
