4651 matches found
PT-2022-1409 · McAfee · McAfee Agent
Name of the Vulnerable Software and Affected Versions: McAfee Agent versions prior to 5.7.5. Description: A privilege escalation issue exists due to errors in privilege management. The McAfee Agent uses an openssl.cnf file during its build process, which can be exploited by a low-privilege user to...
Fortinet FortiClient Network Access Control Uncontrolled Search Path Element Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient Network Access Control. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Jenkins Metrics Plugin Licensing Issue Vulnerability
Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Metrics Plugin in version 4.0.2.8 and earlier is vulnerable to an authorization issue that stems from an unencrypt...
GHSA-R3RR-WPH6-9638 Password stored in plain text by Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Password stored in plain text by Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-20621
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
USN-5223-1 apache-log4j1.2 vulnerability
It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...
The vulnerability in the ChromeOS Networking component of the Google Chrome browser allows a hacker to gain privileged access to the infrastructure through a crafted ONC file.
The vulnerability of the ChromeOS Networking component of the Google Chrome browser is related to implementation errors in security checks for standard elements. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain privileged access to infrastructure through a...
Apache Kylin has an unspecified vulnerability (CNVD-2022-02491)
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides a SQL query interface on top of Hadoop/Spark, multi-dimensional analysis (OLAP), and other functions. Apache Kylin has a security vulnerability that stems from the user...
CVE-2021-45458
Apache Kylin provides the encryption class PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use the class PasswordPlaceholderConfigurer to encrypt their passwor...
Hardcoded credentials
Apache Kylin provides the encryption class PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use the class PasswordPlaceholderConfigurer to encrypt their passwor...
CVE-2021-44564
A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to...
Design/Logic Flaw
A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to...
Apache Kylin Security Feature Issue Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides a SQL query interface on top of Hadoop/Spark, multi-dimensional analysis (OLAP), and other functions. Apache Kylin has a security vulnerability that stems from the user...
Trendnet AC2600 TEW-827DRU has an unspecified vulnerability
Trendnet AC2600 TEW-827DRU is a wireless router. The Trendnet AC2600 TEW-827DRU has a security vulnerability that could be exploited by an attacker to store user names and passwords in plaintext in the device's configuration file...
Netgear Nighthawk R6700 Encryption Issue Vulnerability (CNVD-2022-02652)
The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. An encryption vulnerability exists in the Netgear Nighthawk R6700, which stems from the product's failure to encrypt account information. An attacker could obtain plaintext account information in the main configuration file throug...
CVE-2021-45077
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...
CVE-2021-20171
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...