Total: 1030 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10297 | 1 Jenkins | 1 Sametime | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
An insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers who do not have permission to obtain passwords configured in jobs to obtain them. | |||||
CVE-2019-0178 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-02-04 | 3.3 LOW | 3.6 LOW |
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-1003045 | 1 Trustsource | 1 Ecs Publisher | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | |||||
CVE-2019-14709 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | |||||
CVE-2019-10294 | 1 Jenkins | 1 Kmap | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-13348 | 1 Eng | 1 Knowage | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. | |||||
CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10302 | 1 Jenkins | 1 Jira-ext | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003038 | 1 Jenkins | 1 Repository Connector | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | |||||
CVE-2019-10282 | 1 Jenkins | 1 Klaros-testmanagement | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1010308 | 1 Aquaverde | 1 Aquarius Cms | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. | |||||
CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-5625 | 1 Eaton | 1 Halo Home | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | |||||
CVE-2019-10630 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | |||||
CVE-2019-0120 | 1 Intel | 56 Atom 230, Atom 230 Firmware, Atom 330 and 53 more | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2019-6567 | 1 Siemens | 8 Scalance X-200, Scalance X-200 Firmware, Scalance X-200irt and 5 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. | |||||
CVE-2019-1003097 | 1 Jenkins | 1 Crowd Integration | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10398 | 1 Jenkins | 1 Beaker Builder | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. |