38 matches found
IBM Sterling Partner Engagement Manager Information Disclosure Vulnerability (CNVD-2022-85417)
An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 2.0, an automated management tool from International Business Machines Corporation IBM. The vulnerability stems from inadequate protection of sensitive information and encrypted storage of locally...
CVE-2022-34354
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...
CVE-2022-34354
Affected product: IBM Sterling Partner Engagement Manager 2.0. The vulnerability is an information disclosure where encrypted client data stored locally can be read by another user on the same system. Root cause: inadequate protection of locally stored data leading to exposure. Impact: confidenti...
CVE-2022-34354 IBM Sterling Partner Engagement Manager information disclosure
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...
CVE-2022-34354 IBM Sterling Partner Engagement Manager information disclosure
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...
IBM Sterling Partner Engagement Manager 安全漏洞
An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 2.0, an automated management tool from International Business Machines Corporation IBM. The vulnerability stems from inadequate protection of sensitive information and encrypted storage of locally...
GHSA-3F82-V3QW-53Q7 Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins controller as part of its configuration. While the password is stored encrypted on disk, it is transmitted in plai...
Cisco IP Phone Cleartext Password Storage Vulnerability
Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage vulnerability. ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832,...
PT-2020-15459 · Jenkins · Jenkins Parameterized Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Parameterized Remote Trigger Plugin versions 3.1.3 and earlier Description: The issue concerns the storage of a secret in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the secret is...
Boole Server BooleBox Secure File Sharing Utility Injection Vulnerability
Boole Server BooleBox Secure File Sharing Utility is a file sharing system from Boole Server Italy. The system is mainly used for encrypted file storage and sharing. An injection vulnerability exists in Boole Server BooleBox Secure File Sharing Utility. The vulnerability can be exploited to execu...
CVE-2020-11826
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
PT-2019-11809 · Jenkins · Jenkins Violation Comments To Gitlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Violation Comments to GitLab Plugin version 2.28 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner. Specifically, the plugin stored API tokens unencrypted in job config.xml files and its...
PT-2019-11747 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted form in job config.xml files on the Jenkins master or controller. These credentials can be accessed by users with...
Get Dashlane Password Manager Premium (50% + 10% OFF)
Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your passwor...
Secure Your Enterprise With Zoho Vault Password Management Software
Recent data breaches have taught us something very important — online users are spectacularly bad at choosing their strong passwords. Today majority of online users are vulnerable to cyber attacks, not because they are not using any best antivirus or other security measures, but because they are...
CVE-2016-5746
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf...
[SECURITY] Fedora 17 Update: gnome-keyring-3.4.1-3.fc17
The gnome-keyring session daemon manages passwords and other types of secrets for the user, storing them encrypted with a main password. Applications can use the gnome-keyring library to integrate with the keyrin g...
Secure Boot in Windows 8 Worries Researchers
Windows 8, like Windows 7 and Vista before it, is being touted as the most secure version of Windows ever. In past releases, many of the security improvements have come through exploit mitigations such as ASLR and DEP and better software security practices during development. In Windows 8, howeve...