Total
1030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10429 | 1 Jenkins | 1 Gitlab Logo | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Claws Mail vCalendar plugin: credentials exposed on interface | |||||
| CVE-2019-0072 | 1 Juniper | 1 Sbr Carrier | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4. | |||||
| CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2024-02-04 | 4.3 MEDIUM | 8.1 HIGH |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
| CVE-2019-10345 | 1 Jenkins | 1 Configuration As Code | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | |||||
| CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-11092 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-10277 | 1 Jenkins | 1 Starteam | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10378 | 1 Jenkins | 1 Testlink | 2024-02-04 | 2.1 LOW | 5.3 MEDIUM |
| Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-11769 | 1 Teamviewer | 1 Teamviewer | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. | |||||
| CVE-2019-10291 | 1 Jenkins | 1 Netsparker Cloud Scan | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-0175 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-13349 | 1 Knowage-suite | 1 Knowage | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | |||||
| CVE-2019-11350 | 1 Cloudbees | 1 Jenkins Operations Center | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. | |||||
| CVE-2019-4239 | 2 Ibm, Redhat | 2 Cloud Private, Openshift | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. | |||||
| CVE-2019-5534 | 1 Vmware | 1 Vcenter Server | 2024-02-04 | 4.0 MEDIUM | 7.7 HIGH |
| VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | |||||
| CVE-2019-10981 | 1 Schneider-electric | 2 Citectscada, Scada Expert Vijeo Citect | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. | |||||
| CVE-2019-11402 | 1 Gradle | 1 Enterprise | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. | |||||
| CVE-2019-12046 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| LemonLDAP::NG -2.0.3 has Incorrect Access Control. | |||||