Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000425 | 1 Sonarsource | 1 Sonarqube Scanner | 2020-08-24 | N/A |
| An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. | ||||
| CVE-2018-1000424 | 1 Jfrog | 1 Artifactory | 2020-08-24 | N/A |
| An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. | ||||
| CVE-2018-1000423 | 1 Atlassian | 1 Crowd2 | 2020-08-24 | N/A |
| An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | ||||
| CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2020-08-24 | 10.0 Critical |
| On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | ||||
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2020-08-24 | N/A |
| An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | ||||
| CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
| CVE-2019-3947 | 1 Fujielectric | 1 V-server | 2020-08-24 | N/A |
| Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. | ||||
| CVE-2019-8350 | 1 Simple | 1 Better Banking | 2020-08-24 | N/A |
| The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password. | ||||
| CVE-2019-7260 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2020-08-24 | N/A |
| Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | ||||
| CVE-2019-10630 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2020-08-24 | N/A |
| A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | ||||
| CVE-2019-1010308 | 1 Aquaverde | 1 Aquarius Cms | 2020-08-24 | N/A |
| Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. | ||||
| CVE-2019-0120 | 1 Intel | 56 Atom 230, Atom 230 Firmware, Atom 330 and 53 more | 2020-08-24 | N/A |
| Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2019-12046 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2020-08-24 | N/A |
| LemonLDAP::NG -2.0.3 has Incorrect Access Control. | ||||
| CVE-2019-11885 | 1 Eye-disk | 1 Eyedisk | 2020-08-24 | N/A |
| eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command. | ||||
| CVE-2019-11369 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2020-08-24 | N/A |
| An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device. | ||||
| CVE-2019-11367 | 1 Auo | 1 Solar Data Recorder | 2020-08-24 | N/A |
| An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully. | ||||
| CVE-2019-11350 | 1 Cloudbees | 1 Jenkins Operations Center | 2020-08-24 | N/A |
| CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. | ||||
| CVE-2019-6609 | 1 F5 | 37 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 34 more | 2020-08-24 | N/A |
| Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. | ||||
| CVE-2019-4335 | 1 Ibm | 1 Watson Studio Local | 2020-08-24 | 5.5 Medium |
| IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | ||||
| CVE-2018-19466 | 1 Portainer | 1 Portainer | 2020-08-24 | N/A |
| A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | ||||