81 matches found
Privilege escalation
Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access...
IBM Robotic Process Automation security vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM USA. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A security vulnerability exists in IBM Robotic Process Automation versions 21.0.0, 21.0.1, and 21.0.2 that...
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-22998
Implemented protections on AWS credentials that were not properly protected...
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials, which leaks the Authorization header after a redirect to a different port on the same site. Remediation: Upgrade mechanize to version 2.8.5 or higher. References: GitHub Commit, GitHub PR...
CVE-2022-26850 Insufficiently protected credentials
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the...
CVE-2021-23196
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...
Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution
I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials,...
CVE-2021-20597
CVE-2021-20597 concerns Mitsubishi Electric MELSEC iQ-R series CPU modules where firmware versions before the fixed releases allow a remote, unauthenticated attacker to log in by sniffing network traffic and capturing credentials during user registration or password changes. The issue affects mult...
OPENSUSE-SU-2021:2439-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
Hitachi ABB Power Grids eSOMS Telerik
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: eSOMS Telerik Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Improper Input Validation, Inadequate Encryption Strength, Insufficiently...
Information disclosure
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access...
Privilege escalation
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-12309
Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access...
Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014
Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014 INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security adviso...
CVE-2016-8378
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials...
Microsoft Giving .NET Users The Option to Shed RC4
Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security (TLS) as well. In a security advisory issued on its Security...
MS KB2871997: Update to Improve Credentials Protection and Management
The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft. - For Windows 7 / 2008 R2 :...
Unable to use HTTPS for login only
If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...