CWE:
 

Tytuł
Data
Autor
Med.
WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
28.05.2017
Kyle Lovett
Med.
Sophos Web Appliance 4.2.1.3 Privilege Escalation
05.11.2016
Matt Bergin
Med.
Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues
13.10.2015
Matthias Deeg
Med.
Netop Remote Control 11.52 / 12.11 Credential Issue
25.08.2015
Matthias Deeg
Low
PicsArt Photo Studio For Android Insecure Management
07.11.2014
Fundacion Dr. Manuel S...
High
Privoxy 3.0.20-1 Proxy Authentication Credential Exposure
12.03.2013
Chris John Riley

Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-11-29
Waiting for details
CVE-2022-46155
Updating...
 
 

 
2022-10-17
Waiting for details
CVE-2019-14840
Updating...
 
 
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.

 
2022-10-11
Waiting for details
CVE-2022-38465
Updating...
 
 
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.

 
2022-08-23
Waiting for details
CVE-2022-38663
Updating...
 
 
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.

 
2022-07-12
Medium
CVE-2022-22998
Updating...
 
 
Implemented protections on AWS credentials that were not properly protected.

 
2022-07-06
Low
CVE-2022-27548
Vendor: Hcltechsw
Software: Hcl launch
 
 
HCL Launch stores user credentials in plain clear text which can be read by a local user.

 
2022-06-30
Low
CVE-2022-34808
Vendor: Jenkins
Software: Cisco spark
 
 
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

 
Low
CVE-2022-34796
Vendor: Jenkins
Software: Deployment d...
 
 
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

 
2022-06-23
Low
CVE-2022-34213
Vendor: Jenkins
Software: Squash tm pu...
 
 
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

 
2022-06-14
Low
CVE-2022-30231
Vendor: Siemens
Software: Sicam grided...
 
 
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another users password hash.

 

 

Copyright 2022, cxsecurity.com

 

Back to Top