Total
986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1010241 | 1 Jenkins | 1 Credentials Binding | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. | |||||
CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | |||||
CVE-2019-8932 | 1 Rdbrck | 1 Shift | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
CVE-2018-20384 | 1 Inovobb | 4 Ib-8120-w21, Ib-8120-w21 Firmware, Ib-8120-w21e1 and 1 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | |||||
CVE-2017-17691 | 1 Contronics | 1 Homeputer Cl Studio Fur Homematic | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | |||||
CVE-2018-17900 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. | |||||
CVE-2018-19795 | 1 Chipsbank | 1 Umptool | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. | |||||
CVE-2018-1000424 | 1 Jfrog | 1 Artifactory | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. | |||||
CVE-2018-20390 | 1 Kaonmedia | 6 Cg2001-an22a, Cg2001-an22a Firmware, Cg2001-udbna and 3 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
CVE-2019-6549 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2024-02-28 | 4.0 MEDIUM | 7.2 HIGH |
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. | |||||
CVE-2018-10622 | 1 Medtronic | 4 Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more | 2024-02-28 | 1.9 LOW | 7.1 HIGH |
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. | |||||
CVE-2019-7300 | 1 Articatech | 1 Artica Proxy | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | |||||
CVE-2018-15717 | 1 Opendental | 1 Opendental | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. | |||||
CVE-2018-9280 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | |||||
CVE-2018-20444 | 1 Technicolor | 2 Cga0111, Cga0111 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
CVE-2017-2751 | 1 Hp | 68 Compaq 14-h000, Compaq 14-h000 Firmware, Compaq 14-s000 and 65 more | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. | |||||
CVE-2018-12038 | 1 Samsung | 2 840 Evo, 840 Evo Firmware | 2024-02-28 | 1.9 LOW | 4.2 MEDIUM |
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. | |||||
CVE-2018-20781 | 3 Canonical, Gnome, Oracle | 3 Ubuntu Linux, Gnome Keyring, Zfs Storage Appliance Kit | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. |