Total: 309 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2164 | 1 Jfrog | 1 Artifactory | 2020-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2019-11686 | 1 Westerndigital | 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more | 2020-03-13 | 2.1 LOW | 5.5 MEDIUM |
| Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. | |||||
| CVE-2019-10706 | 1 Westerndigital | 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more | 2020-03-13 | 6.3 MEDIUM | 6.3 MEDIUM |
| Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. | |||||
| CVE-2019-5648 | 1 Barracuda | 2 Load Balancer Adc, Load Balancer Adc Firmware | 2020-03-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network. | |||||
| CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2020-03-10 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | |||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2020-02-25 | 2.1 LOW | 5.5 MEDIUM |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | |||||
| CVE-2014-4660 | 1 Redhat | 1 Ansible | 2020-02-25 | 2.1 LOW | 5.5 MEDIUM |
| Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | |||||
| CVE-2020-2119 | 1 Jenkins | 1 Azure Ad | 2020-02-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2020-2129 | 1 Jenkins | 1 Eagle Tester | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-2130 | 1 Jenkins | 1 Harvest Scm | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-2131 | 1 Jenkins | 1 Harvest Scm | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2132 | 1 Jenkins | 1 Parasoft Environment Manager | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2133 | 1 Jenkins | 1 Applatix | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2127 | 1 Jenkins | 1 Bmc Release Package And Deployment | 2020-02-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-2128 | 1 Jenkins | 1 Ecx Copy Data Management | 2020-02-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2125 | 1 Jenkins | 1 Debian Package Builder | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-2126 | 1 Jenkins | 1 Digitalocean | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2020-02-11 | 1.9 LOW | 6.8 MEDIUM |
| LastPass prior to 2.5.1 has an insecure PIN implementation. | |||||
| CVE-2019-19539 | 1 Hp | 3 Web Viewpoint T0320, Web Viewpoint T0952, Web Viewpoint T0986 | 2020-02-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. | |||||
| CVE-2020-2107 | 1 Jenkins | 1 Fortify | 2020-01-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10205 | 1 Redhat | 1 Quay | 2020-01-15 | 4.6 MEDIUM | 6.3 MEDIUM |
| A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | |||||
| CVE-2019-19310 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | |||||
| CVE-2019-16557 | 1 Jenkins | 1 Redgate Sql Change Automation | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-16556 | 1 Jenkins | 1 Rundeck | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-6024 | 1 Rakuten | 1 Rakuma | 2020-01-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party. | |||||
| CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2019-12-18 | 2.1 LOW | 5.5 MEDIUM |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | |||||
| CVE-2019-16572 | 1 Jenkins | 1 Weibo | 2019-12-18 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2019-12-11 | 2.1 LOW | 5.5 MEDIUM |
| Claws Mail vCalendar plugin: credentials exposed on interface | |||||
| CVE-2019-16673 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2019-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. | |||||
| CVE-2019-16542 | 1 Jenkins | 1 Anchore Container Image Scanner | 2019-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-16543 | 1 Jenkins | 1 Spira Importer | 2019-12-03 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2019-11-08 | 2.1 LOW | 5.5 MEDIUM |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console | |||||
| CVE-2013-4423 | 1 Redhat | 1 Cloudforms | 2019-11-06 | 2.1 LOW | 5.5 MEDIUM |
| CloudForms stores user passwords in recoverable format | |||||
| CVE-2019-10459 | 1 Jenkins | 1 Mattermost Notification | 2019-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10467 | 1 Jenkins | 1 Sonar Gerrit | 2019-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-0072 | 1 Juniper | 1 Sbr Carrier | 2019-10-21 | 2.1 LOW | 5.5 MEDIUM |
| An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4. | |||||
| CVE-2019-17497 | 1 Tracker-software | 1 Pdf-xchange Editor | 2019-10-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. | |||||
| CVE-2019-10398 | 1 Jenkins | 1 Beaker Builder | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2019-10-09 | 2.1 LOW | 5.3 MEDIUM |
| All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network. | |||||
| CVE-2018-15456 | 1 Cisco | 1 Identity Services Engine | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack. | |||||
| CVE-2018-15717 | 1 Opendental | 1 Opendental | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. | |||||
| CVE-2017-9637 | 1 Schneider-electric | 1 Ampla Manufacturing Execution System | 2019-10-09 | 1.9 LOW | 4.1 MEDIUM |
| Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. | |||||
| CVE-2017-1207 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| IBM WebSphere Message Broker stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123777. | |||||
| CVE-2018-9280 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | |||||
| CVE-2018-9279 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. | |||||
| CVE-2018-19795 | 1 Chipsbank | 1 Umptool | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. | |||||
| CVE-2018-16984 | 1 Djangoproject | 1 Django | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. | |||||
| CVE-2018-16222 | 1 Ismartalarm | 1 Ismartalarm | 2019-10-03 | 2.1 LOW | 6.8 MEDIUM |
| Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. | |||||
| CVE-2018-12383 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. | |||||
