Total: 986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | |||||
CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
CVE-2020-2131 | 1 Jenkins | 1 Harvest Scm | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-16542 | 1 Jenkins | 1 Anchore Container Image Scanner | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-19823 | 11 Ciktel, Coship, Fg-products and 8 more | 36 Mesh Router, Mesh Router Firmware, Emta Ap and 33 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. | |||||
CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Claws Mail vCalendar plugin: credentials exposed on interface | |||||
CVE-2020-2107 | 1 Jenkins | 1 Fortify | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-5505 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | |||||
CVE-2013-3313 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311. | |||||
CVE-2019-10421 | 1 Jenkins | 1 Azure Event Grid Notifier | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-2127 | 1 Jenkins | 1 Bmc Release Package And Deployment | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | |||||
CVE-2020-7233 | 1 Kmccontrols | 2 Bac-a1616bc, Bac-a1616bc Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | |||||
CVE-2019-11284 | 1 Pivotal | 1 Reactor Netty | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to. | |||||
CVE-2019-16672 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | |||||
CVE-2019-10460 | 1 Jenkins | 1 Bitbucket Oauth | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-19696 | 1 Trendmicro | 1 Password Manager | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. | |||||
CVE-2019-10205 | 1 Redhat | 1 Quay | 2024-02-28 | 4.6 MEDIUM | 6.3 MEDIUM |
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | |||||
CVE-2020-7909 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | |||||
CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | |||||