Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13400 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Dynacolor FCM-MB40 v1.2.0.0 uses /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | |||||
CVE-2019-10981 | 1 Schneider-electric | 2 Citectscada, Scada Expert Vijeo Citect | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. | |||||
CVE-2019-3780 | 1 Cloudfoundry | 1 Container Runtime | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account. | |||||
CVE-2019-11820 | 1 Synology | 1 Calendar | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. | |||||
CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10239 | 1 Robotronic | 1 Runasspc | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account. | |||||
CVE-2019-13348 | 1 Eng | 1 Knowage | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. | |||||
CVE-2019-15052 | 1 Gradle | 1 Gradle | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. | |||||
CVE-2019-10295 | 1 Jenkins | 1 Crittercism-dsym | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10281 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10361 | 1 Jenkins | 1 M2release | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-10294 | 1 Jenkins | 1 Kmap | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10296 | 1 Jenkins | 1 Serena Sra Deploy | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10630 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | |||||
CVE-2019-0178 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-02-28 | 3.3 LOW | 3.6 LOW |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-11367 | 1 Auo | 1 Solar Data Recorder | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can log in successfully. | |||||
CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-8350 | 1 Simple | 1 Better Banking | 2024-02-28 | 2.1 LOW | 6.8 MEDIUM |
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password. | |||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. |