358 matches found
CVE-2022-30018
Mobotix Control Center (MxCC) up to version 2.5.4.5 is affected by CVE-2022-30018 due to storing passwords in a recoverable format inside MxCC.ini, resulting in insufficient credential protection. This allows an attacker using the machine to obtain admin access to the software and access to recor...
SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2022:1657-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1657-1 advisory. - CVE-2022-27776: Fixed auth/cookie leak on redirect bsc1198766 - CVE-2022-27775: Fixed bad loca...
GHSA-5GWQ-4275-Q4QC Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to ha...
Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability...
GHSA-8C4W-V65P-JVCV OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...
Amazon Linux 2 : curl (ALAS-2022-1792)
The version of curl installed on the remote host is prior to 7.79.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1792 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly...
FreeBSD : cURL -- Multiple vulnerabilities (92a4d881-c6cf-11ec-a06f-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92a4d881-c6cf-11ec-a06f-d4c9ef517024 advisory. - An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak...
Red Lion DA50N
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: DA50N Vulnerabilities: Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials 2...
CVE-2021-33024 Philips Vue PACS Insufficiently Protected Credentials
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval...
CVE-2021-22798
The CVE-2021-22798 issue affects Schneider Electric Conext ComBox (All Versions) and is described as CWE-522: Insufficiently Protected Credentials. The vulnerability could allow exposure of sensitive data (e.g., login credentials) when a network is sniffed. Root cause: credentials are not adequat...
CVE-2021-33107
CVE-2021-33107 affects Intel AMT SDK, Intel SCS, and Intel MEBx. The issue stems from insufficiently protected credentials during USB provisioning, enabling a potential information disclosure via physical access if exploited. Affected: Intel AMT SDK before 16.0.3; Intel SCS before 12.2; Intel MEB...
GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed...
Intel® AMT Advisory
Summary: A potential security vulnerability in the Intel® Active Management Technology AMT SDK, Intel® Setup and Configuration Software SCS and Intel® Management Engine BIOS eXtensions MEBx may allow escalation of privilege. Intel is releasing software and firmware updates to mitigate this...
Mitsubishi Electric MELSEC iQ-R Series Insufficiently Protected Credentials (CVE-2021-20597)
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to log in to the target without authorization by sniffing network traffic and obtaining...
CVE-2022-0184
The CVE-2022-0184 issue affects KING JIM’s TEPRA PRO SR5900P and SR-R7900P label printers (SR5900P ≤1.080; SR-R7900P ≤1.030). The vulnerability is an insufficiently protected credentials flaw that could allow an attacker on an adjacent network to obtain credentials used to connect to the device’s...
JVN#81479705: Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials
Label printers "TEPRA" PRO SR5900P / SR-R7900P provided by KING JIM CO.,LTD. contain an insufficiently protected credentials vulnerability CWE-522. Impact An attacker who can access the products via network may obtain credentials to connect to the Wi-Fi access point with the infrastructure mode...
Fresenius Kabi Agilia Connect Infusion System (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fresenius Kabi Equipment: Agilia Connect Infusion System Vulnerabilities: Uncontrolled Resource Consumption, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials,...
Siemens Questa and ModelSim
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Questa Simulation and ModelSim Simulation Vulnerability: Insufficiently Protected Credentials 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled...
Mitsubishi Electric MELSEC iQ-R Series
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-R Series CPU Module Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insufficiently Protected Credentials, Overly Restrictive...