Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13021 | 1 Jetstream | 1 Jetselect | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path ...
Show More |
|||||
| CVE-2019-12171 | 1 Dropbox | 1 Dropbox | 2024-11-21 | 4.3 MEDIUM | 7.8 HIGH |
|
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
|
|||||
| CVE-2019-11966 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-11384 | 1 Zalora | 1 Zalora | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.
|
|||||
| CVE-2019-10682 | 1 Django-nopassword Project | 1 Django-nopassword | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
django-nopassword before 5.0.0 stores cleartext secrets in the database.
|
|||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
|
|||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
|
|||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
|
|||||
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10433 | 1 Jenkins | 1 Dingding | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10430 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
|
|||||
| CVE-2019-10351 | 1 Jenkins | 1 Caliper Ci | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10350 | 1 Jenkins | 1 Port Allocator | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10348 | 1 Jenkins | 1 Gogs | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
|
|||||
| CVE-2019-10099 | 1 Apache | 1 Spark | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
|
|||||
| CVE-2019-0285 | 1 Sap | 1 Crystal Reports | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
|
|||||
| CVE-2018-9065 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
|
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
|
|||||
| CVE-2018-8947 | 1 Laravel Log Viewer Project | 1 Laravel Log Viewer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
|
|||||
| CVE-2018-5559 | 1 Rapid7 | 1 Komand | 2024-11-21 | 4.0 MEDIUM | 3.4 LOW |
|
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions.
|
|||||
| CVE-2018-2028 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
|
|||||
| CVE-2018-20008 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
|
iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.
|
|||||
| CVE-2018-1882 | 5 Apple, Ibm, Linux and 2 more | 7 Macos, Aix, Spectrum Protect Backup-archive Client and 4 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968.
|
|||||
| CVE-2018-1877 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.
|
|||||
| CVE-2018-1621 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
|
|||||
| CVE-2018-19981 | 1 Amazon | 1 Aws Software Development Kit | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).
|
|||||
| CVE-2018-19941 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
|
|||||
| CVE-2018-19279 | 2 Microsoft, Primx | 2 Windows, Zonecentral | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
|
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
|
|||||
| CVE-2018-19009 | 1 Pilz | 1 Pnozmulti Configurator | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.
|
|||||
| CVE-2018-18641 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.
|
|||||
| CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
|
|||||
| CVE-2018-17499 | 1 Envoy | 1 Passport | 2024-11-21 | 2.1 LOW | 2.9 LOW |
|
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.
|
|||||
| CVE-2018-17489 | 1 Hidglobal | 1 Easylobby Solo | 2024-11-21 | 2.1 LOW | 2.9 LOW |
|
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.
|
|||||
| CVE-2018-16889 | 1 Redhat | 1 Ceph | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
|
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
|
|||||
| CVE-2018-16498 | 1 Versa-networks | 1 Versa Director | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.
|
|||||
| CVE-2018-12572 | 1 Avast | 1 Free Antivirus | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
|
|||||
| CVE-2018-11242 | 1 Makemytrip | 1 Makemytrip | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
|
|||||