167 matches found

Positive Technologies
added 2022/10/25 12:0 a.m. · 5 views

PT-2022-24917 · Tasks.Org · Tasks.Org

Name of the Vulnerable Software and Affected Versions: Tasks.org versions prior to 12.7.1; Tasks.org versions prior to 13.0.1. Description: The Tasks.org Android app has a sensitive information disclosure issue. The app's ShareLinkActivity.kt activity handles "share" intents and may copy files from...

5.5 CVSS · 5.2 AI score · 0.0025 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2022/10/20 12:0 a.m. · 8 views

The vulnerability of the microprogrammed software of Moxa’s EDR-G903, EDR-G902, and EDR-810 series of industrial routers lies in the use of rigidly encrypted account data, allowing attackers to gain full access to the devices.

The vulnerability of the microprogrammed software of Moxa’s EDR-G903, EDR-G902, and EDR-810 series of routers lies in the use of rigidly encrypted login credentials. Exploiting this vulnerability allows a malicious actor to gain full access to the device using these specially created login...

10 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 3

OSV
added 2022/10/10 11:15 p.m. · 4 views

CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service SWIS. Exposed credentials are encrypted and require authenticated access with an NCM role...

6.5 CVSS · 5.8 AI score · 0.00446 EPSS
Exploits 0 · References 1

Prion
added 2022/10/10 11:15 p.m. · 17 views

Design/Logic Flaw

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service SWIS. Exposed credentials are encrypted and require authenticated access with an NCM role...

4 CVSS · 6.5 AI score · 0.00446 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/10/10 12:0 a.m. · 20 views

CVE-2021-35226 Hashed Credential Exposure Vulnerability

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service SWIS. Exposed credentials are encrypted and require authenticated access with an NCM role...

6.5 CVSS · 6.7 AI score · 0.00446 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/08/25 11:15 p.m. · 3 views

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

3.1 CVSS · 5.8 AI score · 0.00562 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2022/08/18 12:0 a.m. · 6 views

The vulnerability of the software authentication mechanism of Spectrum Virtualize allows a perpetrator to escalate their privileges.

The vulnerability of the software authentication mechanism of Spectrum Virtualize is related to the use of strictly encrypted credentials. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

10 CVSS · 6.4 AI score · 0.00664 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/08/12 12:0 a.m. · 7 views

The vulnerability of RSA key-generation functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to calculate secret RSA keys.

The vulnerability of RSA key exchange functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to the use of strictly encrypted credentials. Exploiting this vulnerability allows a malicious actor ...

7.4 CVSS · 7.4 AI score · 0.16647 EPSS
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2022/07/25 12:0 a.m. · 4 views

The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server and the Confluence Data Center, related to the possibility of using strictly encrypted user credentials, allows a hacker to gain full access to the Confluence software with the confluence-users group’s permissions.

The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server web server and the Confluence Data Center is related to the possibility of using strictly encrypted user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, t...

9 CVSS · 8.1 AI score · 0.9817 EPSS
Exploits 1 · References 6 · Affected Software 3

BDU FSTEC
added 2022/06/29 12:0 a.m. · 4 views

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, arises from the use of rigidly encrypted account data. This allows an intruder to execute arbitrary code.

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, lies in the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

9.7 CVSS · 8.1 AI score · 0.01063 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2022/06/28 12:0 a.m. · 3 views

The vulnerability of the OpenBSI controller display tool, related to the use of strictly encrypted credentials, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the OpenBSI controller display tool lies in the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the credentials remotely...

7.8 CVSS · 5.5 AI score · 0.00425 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2022/06/27 12:0 a.m. · 6 views

The vulnerability of microprogrammed software for programmable logic controllers ACE1000, related to the use of strictly encrypted user credentials for SSH accounts, allows an intruder to gain unauthorized access to protected information.

The vulnerability of microprogrammed programmable logic controllers ACE1000 is related to the use of rigidly encoded user data for SSH accounts. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS · 5.5 AI score · 0.00835 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2022/06/27 12:0 a.m. · 6 views

The vulnerability of the XRT LAN-to-radio gateway and the XNL port for establishing connections in the microprogrammed logic controllers ACE1000 allows an intruder to gain unauthorized access to protected information.

The vulnerability of the XRT LAN-to-radio gateway and the XNL port for establishing connections in the microprogrammed logic controllers ACE1000 software involves the use of rigidly encrypted credentials. Exploiting this vulnerability could allow an intruder, operating remotely, to gain...

10 CVSS · 5.5 AI score · 0.00519 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/06/09 4:15 a.m. · 3 views

CVE-2022-25804

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...

5.5 CVSS · 6.1 AI score · 0.0028 EPSS
Exploits 1 · References 3

OSV
added 2022/06/09 4:15 a.m. · 4 views

CVE-2022-25804

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...

5.5 CVSS · 5.8 AI score · 0.0028 EPSS
Exploits 1 · References 2

CNNVD
added 2022/06/09 12:0 a.m. · 4 views

IGEL Universal Management Suite Security Vulnerability

The IGEL Universal Management Suite IGEL UMS is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability in IGEL Universal Management Suite UMS version 6.07.100, which stems from insecure permissions in the...

5.5 CVSS · 5.7 AI score · 0.0028 EPSS
Exploits 1 · References 3

CNNVD
added 2022/06/09 12:0 a.m. · 5 views

IGEL Universal Management Suite Trust Management Issue Vulnerability

The IGEL Universal Management Suite IGEL UMS is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite UMS version 6.07.100, which stems from a hard-coded DES key i...

8.8 CVSS · 7.8 AI score · 0.00941 EPSS
Exploits 1 · References 3

Github Security Blog
added 2022/05/24 5:10 p.m. · 24 views

Credentials transmitted in plain text by Backlog Plugin

Backlog Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Backlog Plugin 2.4 and earlier. These credentials could be viewed by users with...

4.3 CVSS · 5 AI score · 0.00646 EPSS
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/24 4:55 p.m. · 25 views

Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials

Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted...

5.5 CVSS · 4 AI score · 0.00291 EPSS
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/13 1:15 a.m. · 19 views

Jenkins Repository Connector Plugin has insufficiently protected credentials

Jenkins Repository Connector Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted ...

7.8 CVSS · 6.7 AI score · 0.00393 EPSS
Exploits 0 · References 4 · Affected Software 1