Total: 986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2212 | 1 Jenkins | 1 Github Coverage Reporter | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration. | |||||
CVE-2020-2208 | 1 Jenkins | 1 Slack Upload | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-6239 | 1 Sap | 1 Business One | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | |||||
CVE-2019-15653 | 1 Comba | 2 Ap2600-i - A02 - 0202n00pd2, Ap2600-i - A02 - 0202n00pd2 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). | |||||
CVE-2020-5406 | 1 Vmware | 1 Tanzu Application Service For Vms | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling. | |||||
CVE-2020-0540 | 1 Intel | 1 Active Management Technology Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
CVE-2020-6874 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2024-02-28 | 5.5 MEDIUM | 9.1 CRITICAL |
A ZTE product is impacted by a cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for an account credential enumeration attack or a brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. | |||||
CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m/agent | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | |||||
CVE-2020-2164 | 1 Jfrog | 1 Artifactory | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
CVE-2020-15062 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | |||||
CVE-2019-4697 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | |||||
CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | |||||
CVE-2019-15655 | 1 Dlink | 2 Dsl-2875al, Dsl-2875al Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. | |||||
CVE-2020-3547 | 1 Cisco | 4 Asyncos, Content Security Management Appliance, Email Security Appliance and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface. | |||||
CVE-2020-14334 | 1 Redhat | 1 Satellite | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH |
A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker to gain complete control of the Satellite instance. | |||||
CVE-2020-8210 | 1 Citrix | 1 Xenmobile Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. | |||||
CVE-2018-21248 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. | |||||
CVE-2020-11557 | 1 Castlerock | 1 Snmpc Online | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. | |||||
CVE-2020-5899 | 1 F5 | 1 Nginx Controller | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In NGINX Controller 3.0.0-3.4.0, the recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or has read access to the database to request a password reset using the email address of another registered user and then retrieve the recovery code. | |||||
CVE-2020-10727 | 2 Apache, Netapp | 2 Activemq Artemis, Oncommand Workflow Automation | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file. |