Total
511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | |||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-14890 | 1 Redhat | 1 Ansible Tower | 2024-02-04 | 2.1 LOW | 8.4 HIGH |
| A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | |||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-6670 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem. | |||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2011-2916 | 1 Qtnx Project | 1 Qtnx | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | |||||
| CVE-2011-5247 | 1 Prophecyinternational | 1 Snare | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. | |||||
| CVE-2019-8118 | 1 Magento | 1 Magento | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. | |||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-5848 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-19314 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. | |||||
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2009-5068 | 1 Simplemachines | 1 Simple Machines Forum | 2024-02-04 | 3.5 LOW | 7.2 HIGH |
| There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords. | |||||
| CVE-2019-14825 | 1 Theforeman | 1 Katello | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
| A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. | |||||
| CVE-2019-15023 | 1 Zingbox | 1 Inspector | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | |||||
| CVE-2019-4566 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. | |||||
| CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
| CVE-2019-4314 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. | |||||
| CVE-2010-3282 | 3 Fedoraproject, Hp, Redhat | 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more | 2024-02-04 | 1.9 LOW | 3.3 LOW |
| 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | |||||