CWE
:
| | Topic | Date | Author |
|---|---|---|---|
| Med. | ABUS Secvest Wireless Control Device Missing Encryption | 24.06.2020 | Thomas Detert |
| Med. | Fujitsu Wireless Keyboard Set LX390 Missing Encryption | 24.10.2019 | Matthias Deeg |
CVEMAP Search Results
CVE
Details
Description
2022-09-13
CVE-2022-39014
Updating...
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
2022-07-13
Low
CVE-2022-20219
Vendor:
Google
Software:
Android
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-224585613
2022-07-07
Medium
CVE-2015-3207
Vendor:
Openshift
Software:
Origin
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
2022-06-27
CVE-2022-31085
Updating...
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.
2022-06-14
Low
CVE-2021-40650
Vendor:
Softwareag
Software:
Connx
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.
2022-06-02
CVE-2022-30237
Updating...
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
2022-05-25
CVE-2022-21951
Updating...
A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects SUSE Rancher: Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.
2022-04-01
Medium
CVE-2021-33020
Vendor:
Philips
Software:
Myvue
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
2022-03-16
Low
CVE-2022-27225
Vendor:
Gradle
Software:
Enterprise
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.
2022-03-15
Low
CVE-2022-27206
Vendor:
Jenkins
Software:
Gitlab authe...
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Copyright 2023, cxsecurity.com