Total
570 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14886 | 1 Redhat | 4 Decision Manager, Jboss Enterprise Bpms Platform, Jboss Enterprise Brms Platform and 1 more | 2024-08-05 | 6.5 Medium |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | ||||
| CVE-2019-14825 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-08-05 | 2.7 Low |
| A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. | ||||
| CVE-2019-14890 | 1 Redhat | 1 Ansible Tower | 2024-08-05 | 8.4 High |
| A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | ||||
| CVE-2019-13947 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-08-05 | 4.9 Medium |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users. | ||||
| CVE-2019-13021 | 1 Jetstream | 1 Jetselect | 2024-08-04 | 6.5 Medium |
| The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. | ||||
| CVE-2019-13099 | 1 Momo Project | 1 Momo | 2024-08-04 | N/A |
| The Momo application 2.1.9 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat. | ||||
| CVE-2019-13100 | 1 Send-anywhere | 1 Send Anywhere | 2024-08-04 | N/A |
| The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml. | ||||
| CVE-2019-13096 | 1 Tronlink | 1 Wallet | 2024-08-04 | N/A |
| TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml to gain unauthorized access. | ||||
| CVE-2019-12171 | 1 Dropbox | 1 Dropbox | 2024-08-04 | N/A |
| Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process. | ||||
| CVE-2019-11966 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | N/A |
| A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11384 | 1 Zalora | 1 Zalora | 2024-08-04 | N/A |
| The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml. | ||||
| CVE-2019-10682 | 1 Django-nopassword Project | 1 Django-nopassword | 2024-08-04 | 7.5 High |
| django-nopassword before 5.0.0 stores cleartext secrets in the database. | ||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2024-08-04 | 4.3 Medium |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10433 | 1 Jenkins | 1 Dingding | 2024-08-04 | 3.3 Low |
| Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2024-08-04 | 3.3 Low |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2024-08-04 | 4.3 Medium |
| Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2024-08-04 | 4.3 Medium |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10430 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-08-04 | 5.5 Medium |
| Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2024-08-04 | 8.8 High |
| Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2024-08-04 | 7.8 High |
| Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||