Vulnerabilities (CVE)

Filtered by CWE-312
Total 576 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3192 1 Cloudera 1 Cloudera Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
CVE-2020-6794 2 Canonical, Mozilla 2 Ubuntu Linux, Thunderbird 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.
CVE-2019-17106 1 Centreon 1 Centreon Web 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
CVE-2019-5848 1 Google 1 Chrome 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2008-7272 1 Getfiregpg 1 Firegpg 2024-02-28 5.0 MEDIUM 7.5 HIGH
FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key.
CVE-2019-3767 1 Dell 1 Imageassist 2024-02-28 1.9 LOW 8.2 HIGH
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.
CVE-2019-3636 2 Mcafee, Microsoft 2 Total Protection, Windows 2024-02-28 4.6 MEDIUM 7.8 HIGH
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.
CVE-2019-14890 1 Redhat 1 Ansible Tower 2024-02-28 2.1 LOW 8.4 HIGH
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
CVE-2019-6670 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-02-28 2.1 LOW 4.4 MEDIUM
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
CVE-2019-14886 1 Redhat 2 Decision Manager, Process Automation Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.
CVE-2011-2916 1 Qtnx Project 1 Qtnx 2024-02-28 2.1 LOW 5.5 MEDIUM
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.
CVE-2019-10450 1 Jenkins 1 Elasticbox Ci 2024-02-28 2.1 LOW 3.3 LOW
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10430 1 Jenkins 1 Neuvector Vulnerability Scanner 2024-02-28 2.1 LOW 5.5 MEDIUM
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
CVE-2019-10443 1 Jenkins 1 Icescrum 2024-02-28 4.0 MEDIUM 8.8 HIGH
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-14825 1 Theforeman 1 Katello 2024-02-28 4.0 MEDIUM 2.7 LOW
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
CVE-2019-10447 1 Jenkins 1 Sofy.ai 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10440 1 Jenkins 1 Neoload 2024-02-28 4.0 MEDIUM 8.8 HIGH
Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CVE-2020-4224 1 Ibm 1 Storediq 2024-02-28 2.1 LOW 5.5 MEDIUM
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.
CVE-2013-2680 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
CVE-2019-8118 1 Magento 1 Magento 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.