Total: 172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2916 | 1 Qtnx Project | 1 Qtnx | 2019-11-22 | 2.1 LOW | 5.5 MEDIUM |
| qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | |||||
| CVE-2019-8118 | 1 Magento | 1 Magento | 2019-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. | |||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2019-10-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2019-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2019-10-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2019-10-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | |||||
| CVE-2019-10413 | 1 Jenkins | 1 Data Theorem Mobile App Security | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10416 | 1 Jenkins | 1 Violation Comments To Gitlab | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10415 | 1 Jenkins | 1 Violation Comments To Gitlab | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10414 | 1 Jenkins | 1 Git Changelog | 2019-10-09 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10425 | 1 Jenkins | 1 Google Calendar | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10421 | 1 Jenkins | 1 Azure Event Grid Notifier | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10422 | 1 Jenkins | 1 Call Remote Job | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2018-5559 | 1 Rapid7 | 1 Komand | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. | |||||
| CVE-2018-1621 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 2.1 LOW | 6.7 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. | |||||
| CVE-2018-17489 | 1 Hidglobal | 1 Easylobby Solo | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers. | |||||
| CVE-2018-17499 | 1 Envoy | 1 Passport | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | |||||
| CVE-2018-19279 | 2 Microsoft, Primx | 2 Windows, Zonecentral | 2019-10-03 | 2.1 LOW | 4.3 MEDIUM |
| PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater. | |||||
| CVE-2017-14990 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | |||||
| CVE-2018-11242 | 1 Makemytrip | 1 Makemytrip | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files. | |||||
| CVE-2018-10812 | 1 Bitpie | 1 Bitcoin Wallet | 2019-10-03 | 1.9 LOW | 4.1 MEDIUM |
| The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS). | |||||
| CVE-2017-2723 | 1 Huawei | 1 Files | 2019-10-03 | 2.1 LOW | 6.7 MEDIUM |
| The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. | |||||
