CWE:

Severity | Title | Date | Author
Med. | WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure | 28.05.2017 | Kyle Lovett
Med. | Sophos Web Appliance 4.2.1.3 Privilege Escalation | 05.11.2016 | Matt Bergin
Med. | Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues | 13.10.2015 | Matthias Deeg
Med. | Netop Remote Control 11.52 / 12.11 Credential Issue | 25.08.2015 | Matthias Deeg
Low | PicsArt Photo Studio For Android Insecure Management | 07.11.2014 | Fundacion Dr. Manuel S...
High | Privoxy 3.0.20-1 Proxy Authentication Credential Exposure | 12.03.2013 | Chris John Riley


Common Weakness Enumeration (CWE)

Date | Severity | CVE
(each entry is followed by its Details and Description)

2022-04-20 | Low | CVE-2022-27179
Details: Updating...
Description: A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.

2022-04-12 | Low | CVE-2022-29052
Details: Vendor: Jenkins; Software: Google compu...
Description: Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

- | Medium | CVE-2022-22550
Details: Vendor: DELL; Software: Emc powersca...
Description: Dell PowerScale OneFS, versions 8.2.2 and above, contains a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account takeover.

2022-04-06 | Low | CVE-2022-26850
Details: Vendor: Apache; Software: NIFI
Description: When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.

2022-04-05 | Medium | CVE-2022-24978
Details: Vendor: Zohocorp; Software: Manageengine...
Description: Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.

2022-04-04 | Medium | CVE-2022-1026
Details: Vendor: Kyocera; Software: Net viewer
Description: Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.

2022-04-01 | Medium | CVE-2021-33024
Details: Vendor: Philips; Software: Myvue
Description: Philips Vue PACS versions 12.2.x.x and prior transmit or store authentication credentials using an insecure method susceptible to unauthorized interception and/or retrieval.

2022-03-30 | Medium | CVE-2022-26948
Details: Vendor: RSA; Software: Archer
Description: The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks.

2022-03-29 | Low | CVE-2022-28141
Details: Vendor: Jenkins; Software: Proxmox
Description: Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

2022-03-23 | Medium | CVE-2022-0859
Details: Vendor: Mcafee; Software: Epolicy orch...
Description: McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this, the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and know the SQL server password.

Copyright 2022, cxsecurity.com