Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10345 | 1 Jenkins | 1 Configuration As Code | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | |||||
CVE-2019-14709 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | |||||
CVE-2019-7260 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | |||||
CVE-2019-0180 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-6609 | 1 F5 | 37 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 34 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. | |||||
CVE-2019-12046 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
LemonLDAP::NG -2.0.3 has Incorrect Access Control. | |||||
CVE-2019-0120 | 1 Intel | 56 Atom 230, Atom 230 Firmware, Atom 330 and 53 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10318 | 1 Jenkins | 1 Azure Ad | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | |||||
CVE-2019-11769 | 1 Teamviewer | 1 Teamviewer | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. | |||||
CVE-2019-0175 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | |||||
CVE-2019-13179 | 1 Calamares | 1 Calamares | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption. | |||||
CVE-2019-10366 | 1 Jenkins | 1 Skytap Cloud Ci | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-9868 | 1 Veritas | 1 Netbackup Appliance | 2024-02-28 | 4.0 MEDIUM | 7.2 HIGH |
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | |||||
CVE-2019-10291 | 1 Jenkins | 1 Netsparker Cloud Scan | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-13349 | 1 Knowage-suite | 1 Knowage | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | |||||
CVE-2019-12452 | 1 Traefik | 1 Traefik | 2024-02-28 | 3.5 LOW | 7.5 HIGH |
types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. These can be found in the JSON response to a /api request. | |||||
CVE-2019-10298 | 1 Jenkins | 1 Koji | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10297 | 1 Jenkins | 1 Sametime | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |