Total: 1013 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-4697 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 6.5 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | ||||
CVE-2019-4693 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.4 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831. | ||||
CVE-2020-4593 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2020-08-26 | 4.4 Medium |
IBM Security Guardium Insights 2.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 184747. | ||||
CVE-2020-16280 | 1 Rangee | 1 Rangeeos | 2020-08-26 | 5.5 Medium |
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system. | ||||
CVE-2019-7271 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2020-08-24 | N/A |
Nortek Linear eMerge 50P/5000P devices have Default Credentials. | ||||
CVE-2019-13349 | 1 Knowage-suite | 1 Knowage | 2020-08-24 | N/A |
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | ||||
CVE-2019-13348 | 1 Eng | 1 Knowage | 2020-08-24 | N/A |
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. | ||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9868 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | N/A |
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | ||||
CVE-2019-1020009 | 1 Kolide | 1 Fleet | 2020-08-24 | N/A |
Fleet before 2.1.2 allows exposure of SMTP credentials. | ||||
CVE-2019-9867 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | N/A |
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | ||||
CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | ||||
CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2020-08-24 | 9.8 Critical |
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | ||||
CVE-2019-9657 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2020-08-24 | N/A |
Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. | ||||
CVE-2019-13054 | 1 Logitech | 2 R500, R500 Firmware | 2020-08-24 | N/A |
The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z. | ||||
CVE-2019-13400 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2020-08-24 | N/A |
Dynacolor FCM-MB40 v1.2.0.0 uses /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | ||||
CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2020-08-24 | N/A |
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | ||||
CVE-2019-1384 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 9.9 Critical |
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | ||||
CVE-2018-12038 | 1 Samsung | 2 840 Evo, 840 Evo Firmware | 2020-08-24 | N/A |
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. | ||||
CVE-2019-10239 | 1 Robotronic | 1 Runasspc | 2020-08-24 | N/A |
Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account. |