Total
576 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3192 | 1 Cloudera | 1 Cloudera Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. | |||||
CVE-2020-6794 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | |||||
CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | |||||
CVE-2019-5848 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2008-7272 | 1 Getfiregpg | 1 Firegpg | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key. | |||||
CVE-2019-3767 | 1 Dell | 1 Imageassist | 2024-02-28 | 1.9 LOW | 8.2 HIGH |
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. | |||||
CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | |||||
CVE-2019-14890 | 1 Redhat | 1 Ansible Tower | 2024-02-28 | 2.1 LOW | 8.4 HIGH |
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | |||||
CVE-2019-6670 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem. | |||||
CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
CVE-2011-2916 | 1 Qtnx Project | 1 Qtnx | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | |||||
CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10430 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-14825 | 1 Theforeman | 1 Katello | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. | |||||
CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-4224 | 1 Ibm | 1 Storediq | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | |||||
CVE-2013-2680 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. | |||||
CVE-2019-8118 | 1 Magento | 1 Magento | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. |