Total: 986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19310 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | |||||
CVE-2019-19898 | 1 Ixpdata | 1 Easyinstall | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. | |||||
CVE-2020-2132 | 1 Jenkins | 1 Parasoft Environment Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-2114 | 1 Jenkins | 1 S3 Publisher | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2020-2095 | 1 Jenkins | 1 Redgate Sql Change Automation | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-18572 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application. | |||||
CVE-2019-10416 | 1 Jenkins | 1 Violation Comments To Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-19843 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | |||||
CVE-2019-16557 | 1 Jenkins | 1 Redgate Sql Change Automation | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-17356 | 1 Infinitestudio | 1 Infinite Design | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. | |||||
CVE-2020-2128 | 1 Jenkins | 1 Ecx Copy Data Management | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2014-5381 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Grand MA 300 allows a brute-force attack on the PIN. | |||||
CVE-2019-19119 | 1 Paessler | 1 Prtg Network Monitor | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | |||||
CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||||
CVE-2013-2106 | 2 Debian, Stanford | 2 Debian Linux, Webauth | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
webauth before 4.6.1 has authentication credential disclosure. | |||||
CVE-2014-5093 | 1 Status2k | 1 Status2k | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Status2k does not remove the install directory allowing credential reset. | |||||
CVE-2019-10420 | 1 Jenkins | 1 Assembla | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-20047 | 1 Al-enterprise | 2 Omnivista 4760, Omnivista 8770 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>. | |||||
CVE-2019-9657 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. | |||||