Total
570 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2024-08-04 | 8.8 High |
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2024-08-04 | 8.8 High |
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10348 | 1 Jenkins | 1 Gogs | 2024-08-04 | 8.8 High |
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10351 | 1 Jenkins | 1 Caliper Ci | 2024-08-04 | 8.8 High |
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10350 | 1 Jenkins | 1 Port Allocator | 2024-08-04 | 8.8 High |
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10099 | 1 Apache | 1 Spark | 2024-08-04 | 7.5 High |
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | ||||
CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | ||||
CVE-2019-9104 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-08-04 | 7.5 High |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | ||||
CVE-2019-8118 | 1 Magento | 1 Magento | 2024-08-04 | 5.3 Medium |
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. | ||||
CVE-2019-6670 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-08-04 | 4.4 Medium |
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem. | ||||
CVE-2019-5848 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-04 | 6.5 Medium |
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
CVE-2019-5810 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-08-04 | 6.5 Medium |
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
CVE-2019-5765 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Android and 5 more | 2024-08-04 | N/A |
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. | ||||
CVE-2019-3937 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-08-04 | 7.8 High |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data. | ||||
CVE-2019-3612 | 1 Mcafee | 2 Data Exchange Layer, Threat Intelligence Exchange | 2024-08-04 | 4.4 Medium |
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. | ||||
CVE-2019-3606 | 1 Mcafee | 1 Network Security Manager | 2024-08-04 | N/A |
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. | ||||
CVE-2019-0285 | 1 Sap | 1 Crystal Reports | 2024-08-04 | N/A |
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | ||||
CVE-2020-36473 | 1 Ucweb | 1 Ucweb Uc | 2024-08-04 | 3.7 Low |
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs. |