CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure | 28.05.2017 | Kyle Lovett |
| Med. | Sophos Web Appliance 4.2.1.3 Privilege Escalation | 05.11.2016 | Matt Bergin |
| Med. | Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues | 13.10.2015 | Matthias Deeg |
| Med. | Netop Remote Control 11.52 / 12.11 Credential Issue | 25.08.2015 | Matthias Deeg |
| Low | PicsArt Photo Studio For Android Insecure Management | 07.11.2014 | Fundacion Dr. Manuel S... |
| High | Privoxy 3.0.20-1 Proxy Authentication Credential Exposure | 12.03.2013 | Chris John Riley |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-11-29
Waiting for details
CVE-2022-46155

2022-10-17
Waiting for details
CVE-2019-14840

A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials.

 
2022-10-11
Waiting for details
CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.

 
2022-08-23
Waiting for details
CVE-2022-38663

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.

 
2022-07-12
Medium
CVE-2022-22998

Implemented protections on AWS credentials that were not properly protected.

 
2022-07-06
Low
CVE-2022-27548

Vendor: Hcltechsw
Software: Hcl launch
 

 
HCL Launch stores user credentials in plain clear text which can be read by a local user.

 
2022-06-30
Low
CVE-2022-34808

Vendor: Jenkins
Software: Cisco spark
 

 
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

 
Low
CVE-2022-34796

Vendor: Jenkins
Software: Deployment d...
 

 
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

 
2022-06-23
Low
CVE-2022-34213

Vendor: Jenkins
Software: Squash tm pu...
 

 
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

 
2022-06-14
Low
CVE-2022-30231

Vendor: Siemens
Software: Sicam grided...
 

 
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.

 

 


Copyright 2022, cxsecurity.com

 
