Total
985 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17393 | 1 Tomedo | 1 Server | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. | |||||
CVE-2019-19890 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. | |||||
CVE-2019-10422 | 1 Jenkins | 1 Call Remote Job | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10448 | 1 Jenkins | 1 Extensive Testing | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-15635 | 1 Grafana | 1 Grafana | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. | |||||
CVE-2013-3620 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | |||||
CVE-2019-5648 | 1 Barracuda | 2 Load Balancer Adc, Load Balancer Adc Firmware | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network. | |||||
CVE-2019-10425 | 1 Jenkins | 1 Google Calendar | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10210 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2024-02-28 | 1.9 LOW | 7.0 HIGH |
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | |||||
CVE-2018-21031 | 1 Plex | 1 Media Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product. | |||||
CVE-2019-3431 | 1 Zte | 1 Zxcloud Goldendata Vap | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access. | |||||
CVE-2019-19687 | 1 Openstack | 1 Keystone | 2024-02-28 | 3.5 LOW | 8.8 HIGH |
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) | |||||
CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | |||||
CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2024-02-28 | 5.0 MEDIUM | 10.0 CRITICAL |
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | |||||
CVE-2020-3841 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network. | |||||
CVE-2019-10459 | 1 Jenkins | 1 Mattermost Notification | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10476 | 1 Jenkins | 1 Zulip | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-10414 | 1 Jenkins | 1 Git Changelog | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-4508 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429. | |||||
CVE-2019-10467 | 1 Jenkins | 1 Sonar Gerrit | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |