Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1633 | 2 Openstack, Redhat | 2 Barbican, Openstack Platform | 2024-02-28 | N/A | 5.5 MEDIUM |
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | |||||
CVE-2023-31492 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-02-28 | N/A | 6.5 MEDIUM |
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | |||||
CVE-2023-5552 | 1 Sophos | 1 Firewall | 2024-02-28 | N/A | 7.5 HIGH |
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | |||||
CVE-2023-40345 | 1 Jenkins | 1 Delphix | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | |||||
CVE-2023-43631 | 1 Linuxfoundation | 1 Edge Virtualization Engine | 2024-02-28 | N/A | 8.8 HIGH |
On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | |||||
CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-02-28 | N/A | 5.3 MEDIUM |
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | |||||
CVE-2023-43634 | 1 Lfedge | 1 Eve | 2024-02-28 | N/A | 8.8 HIGH |
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot; this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”. | |||||
CVE-2022-44757 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-02-28 | N/A | 8.2 HIGH |
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | |||||
CVE-2023-32338 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 store user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | |||||
CVE-2023-27132 | 1 Tsplus | 1 Tsplus Remote Work | 2024-02-28 | N/A | 9.8 CRITICAL |
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product. | |||||
CVE-2022-42451 | 1 Hcltech | 1 Bigfix Patch Management | 2024-02-28 | N/A | 4.4 MEDIUM |
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | |||||
CVE-2023-40347 | 1 Jenkins | 1 Maven Artifact Choicelistprovider \(nexus\) | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
CVE-2023-34128 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-02-28 | N/A | 9.8 CRITICAL |
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2020-17477 | 1 Univention | 1 Ucs\@school | 2024-02-28 | N/A | 6.5 MEDIUM |
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash. | |||||
CVE-2023-25532 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. | |||||
CVE-2023-43630 | 1 Linuxfoundation | 1 Edge Virtualization Engine | 2024-02-28 | N/A | 8.8 HIGH |
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This issue was somewhat mitigated due to all of the PCR extend functions updating both the values of SHA256 and SHA1 for a given PCR ID. However, due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault” key, changes to the config partition would still not be measured. An attacker could modify the config partition without triggering the measured boot; this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”. | |||||
CVE-2023-46651 | 1 Jenkins | 1 Warnings | 2024-02-28 | N/A | 6.5 MEDIUM |
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | |||||
CVE-2023-41010 | 1 Tianyisc | 2 Tewa-700g, Tewa-700g Firmware | 2024-02-28 | N/A | 5.5 MEDIUM |
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter. | |||||
CVE-2022-45611 | 1 Fresenius-kabi | 2 Pharmahelp, Pharmahelp Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via capture of user login information. | |||||
CVE-2023-38328 | 1 Egroupware | 1 Egroupware | 2024-02-28 | N/A | 4.9 MEDIUM |
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password. |