Lucene search

545 matches found

GitHub Security Blog
added 2022/05/13 1:15 a.m. · 28 views

Jenkins Diawi Upload Plugin stores credentials in plain text

Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 8.8 · AI score 6.8 · EPSS 0.01773
Exploits 0 · References 4 · Affected Software 1

GitHub Security Blog
added 2022/05/13 1:15 a.m. · 26 views

Jenkins Klaros-Testmanagement Plugin stores credentials in plain text

Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 8.8 · AI score 6.8 · EPSS 0.01773
Exploits 0 · References 5 · Affected Software 1

Fedora
added 2022/05/07 5:6 a.m. · 24 views

[SECURITY] Fedora 36 Update: golang-github-instrumenta-kubeval-0.15.0-7.fc36

Validate your Kubernetes configuration files, supports multiple Kubernetes versions...

CVSS 7.5 · AI score 9.4 · EPSS 0.03931
Exploits 0

OSV
added 2022/04/22 9:15 p.m. · 4 views

CVE-2021-3722

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation...

CVSS 5 · AI score 5.9 · EPSS 0.00184
Exploits 0 · References 1

OSV
added 2022/04/21 7:15 p.m. · 3 views

CVE-2022-20732

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

CVSS 7.8 · AI score 7.3 · EPSS 0.00201
Exploits 0 · References 1

Positive Technologies
added 2022/04/07 12:0 a.m. · 4 views

PT-2022-15484 · 3S Smart Software Solutions · Codesys Control Runtime System

Name of the Vulnerable Software and Affected Versions: CODESYS Control runtime system (affected versions not specified). Description: A remote attacker could utilize the control program of the CODESYS Control runtime system to read and modify the configuration files of the affected products. The...

CVSS 8.1 · AI score 7.8 · EPSS 0.01066
Exploits 0 · References 6

CNNVD
added 2022/04/04 12:0 a.m. · 3 views

WordPress plugin KingComposer Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. WordPress KingComposer has a cross-site scripting...

CVSS 5.4 · AI score 5.1 · EPSS 0.00627
Exploits 2 · References 2

Japan Vulnerability Notes
added 2022/03/23 3:8 a.m. · 4 views

Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection

Overview: Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986). Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT Eas...

CVSS 8.8 · AI score 7.5 · EPSS 0.00709
Exploits 0 · References 6

Prion
added 2022/03/15 5:15 p.m. · 9 views

Design/Logic Flaw

Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 4 · AI score 6.3 · EPSS 0.00912
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/03/08 8:15 p.m. · 2 views

UBUNTU-CVE-2022-24716

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...

CVSS 7.5 · AI score 7 · EPSS 0.89378
Exploits 8 · References 4

OSV
added 2022/02/24 7:15 p.m. · 3 views

CVE-2020-10632

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner...

CVSS 5.3 · AI score 5.8 · EPSS 0.00466
Exploits 0 · References 1

VulnCheck KEV
added 2022/01/12 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2020-5410

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...

CVSS 7.5 · AI score 6.9 · EPSS 0.95586
Exploits 3 · References 1

NVD
added 2021/12/30 10:15 p.m. · 16 views

CVE-2021-20162

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext...

CVSS 4.9 · EPSS 0.00472
Exploits 0 · References 1

Prion
added 2021/12/30 10:15 p.m. · 11 views

Default credentials

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext...

CVSS 4 · AI score 5.3 · EPSS 0.00472
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/12/30 9:31 p.m. · 15 views

CVE-2021-20162

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext...

AI score 5.6 · EPSS 0.00472
Exploits 0 · References 1

ATTACKERKB
added 2021/12/08 11:15 p.m. · 3 views

CVE-2021-43811

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

CVSS 7.8 · AI score 7.4 · EPSS 0.02415
Exploits 0 · References 4 · Affected Software 1

Kitploit
added 2021/11/23 8:30 p.m. · 27 views

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

AI score 7.4
Exploits 0 · References 3

OSV
added 2021/11/09 12:15 p.m. · 3 views

CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...

CVSS 5.5 · AI score 5.7 · EPSS 0.0015
Exploits 0 · References 1

CNNVD
added 2021/11/09 12:0 a.m. · 3 views

Siemens Sentron Powermanager Security Vulnerability

Siemens Sentron Powermanager is a power management software from Siemens, a German company. A local code execution vulnerability exists in Siemens Sentron Powermanager, which stems from an affected application assigning incorrect access rights to a specific folder containing configuration files. ...

CVSS 7.8 · AI score 6.3 · EPSS 0.0021
Exploits 0 · References 4

OpenVAS
added 2021/11/05 12:0 a.m. · 27 views

SUSE: Security Advisory (SUSE-SU-2021:3611-1)

The remote host is missing an update for the...

CVSS 5.5 · AI score 6.5 · EPSS 0.0865
Exploits 2 · References 10