4651 matches found
CVE-2023-24439
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
DISPUTED KeePass through 2.53 in a default installation allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker...
CVE-2023-24055
CVE-2023-24055 affects KeePass up to version 2.53 where an attacker with write access to KeePass.config.xml can trigger an export and exfiltrate cleartext passwords. Evidence and discussion appear in NVD/NVD-derived entries, OSS advisories, Mageia MGASA-2023-0221 (fix/update discussions), OSV- MG...
Design/Logic Flaw
A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging...
CVE-2022-45439
A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging...
PT-2023-1318 · Zyxel · Zyxel Ax7501-B0
Name of the Vulnerable Software and Affected Versions: Zyxel AX7501-B0 versions prior to V5.17ABPC.3C0 Description: The issue is related to the storage of a pair of spare WiFi credentials in the configuration file of the Zyxel AX7501-B0 firmware in cleartext. An unauthenticated attacker could use...
CVE-2022-45439
A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging...
Design/Logic Flaw
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions...
EXFO BV-10 Security Vulnerability
The EXFO BV-10 is a low-cost, easy-to-configure, purpose-built, intelligent performance endpoint device from EXFO Canada. A security vulnerability exists in the EXFO BV-10 that stems from a system configuration file having misconfigured permissions...
CVE-2022-39186 EXFO - BV-10 Performance Endpoint Unit Misconfiguration
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions...
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1036)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2023-1036)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged...
EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2023-1011)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged...
CVE-2022-42260
NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data...
Design/Logic Flaw
NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data...
CVE-2022-0517
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN 2.7.1...
DEBIAN-CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3)...
UBUNTU-CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3)...
CVE-2022-41261
SAP Solution Manager Diagnostic Agent - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attack...
Improper access control
SAP Solution Manager Diagnostic Agent - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attack...