Total
1030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19843 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | |||||
| CVE-2019-10210 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2024-02-04 | 1.9 LOW | 7.0 HIGH |
| Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | |||||
| CVE-2019-3663 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details | |||||
| CVE-2020-8994 | 1 Mi | 2 Mdz-25-dt, Mdz-25-dt Firmware | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker’s SSH service as a backdoor | |||||
| CVE-2019-10448 | 1 Jenkins | 1 Extensive Testing | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | |||||
| CVE-2019-10416 | 1 Jenkins | 1 Violation Comments To Gitlab | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2130 | 1 Jenkins | 1 Harvest Scm | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-6961 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-02-04 | 7.5 HIGH | 10.0 CRITICAL |
| In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files. | |||||
| CVE-2019-9104 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | |||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | |||||
| CVE-2020-3841 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network. | |||||
| CVE-2013-2672 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | |||||
| CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | |||||
| CVE-2020-9023 | 1 Iteris | 2 Vantage Velocity, Vantage Velocity Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password. | |||||
| CVE-2019-10460 | 1 Jenkins | 1 Bitbucket Oauth | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10422 | 1 Jenkins | 1 Call Remote Job | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-4335 | 1 Ibm | 1 Watson Studio Local | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | |||||
| CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2131 | 1 Jenkins | 1 Harvest Scm | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||