Total
985 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6969 | 1 Automationdirect | 22 C-more Ea9-rhi, C-more Ea9-rhi Firmware, C-more Ea9-t10cl and 19 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations. | |||||
| CVE-2019-16673 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. | |||||
| CVE-2020-6961 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
| In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files. | |||||
| CVE-2019-4335 | 1 Ibm | 1 Watson Studio Local | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | |||||
| CVE-2019-16543 | 1 Jenkins | 1 Spira Importer | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-4307 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987. | |||||
| CVE-2013-4423 | 1 Redhat | 1 Cloudforms | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| CloudForms stores user passwords in recoverable format | |||||
| CVE-2019-10461 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-5990 | 1 Anglers-net | 1 Cgi An-anlyzer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer. | |||||
| CVE-2019-0072 | 1 Juniper | 1 Sbr Carrier | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4. | |||||
| CVE-2019-16556 | 1 Jenkins | 1 Rundeck | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | |||||
| CVE-2019-19539 | 1 Hp | 3 Web Viewpoint T0320, Web Viewpoint T0952, Web Viewpoint T0986 | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. | |||||
| CVE-2019-10415 | 1 Jenkins | 1 Violation Comments To Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-1384 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 6.5 MEDIUM | 9.9 CRITICAL |
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-2130 | 1 Jenkins | 1 Harvest Scm | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2019-10426 | 1 Jenkins | 1 Gem Publisher | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | |||||
| CVE-2020-5404 | 1 Pivotal | 1 Reactor Netty | 2024-02-28 | 4.9 MEDIUM | 5.9 MEDIUM |
| The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. | |||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | |||||