Total
1071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-08-05 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | ||||
| CVE-2017-4966 | 3 Debian, Pivotal Software, Vmware | 3 Debian Linux, Rabbitmq, Rabbitmq | 2024-08-05 | 7.8 High |
| An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. | ||||
| CVE-2017-4923 | 1 Vmware | 1 Vcenter Server | 2024-08-05 | N/A |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | ||||
| CVE-2017-3214 | 1 Milwaukeetool | 1 One-key | 2024-08-05 | 7.5 High |
| The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | ||||
| CVE-2017-3192 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2024-08-05 | N/A |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | ||||
| CVE-2017-2665 | 2 Mongodb, Redhat | 2 Mongodb, Storage Console | 2024-08-05 | N/A |
| The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. | ||||
| CVE-2017-0925 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-08-05 | N/A |
| Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | ||||
| CVE-2018-1000608 | 1 Jenkins | 1 Z\/os Connector | 2024-08-05 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password. | ||||
| CVE-2018-1000627 | 1 Battelle | 1 V2i Hub | 2024-08-05 | N/A |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. | ||||
| CVE-2018-1000423 | 1 Atlassian | 1 Crowd2 | 2024-08-05 | N/A |
| An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | ||||
| CVE-2018-1000424 | 1 Jfrog | 1 Artifactory | 2024-08-05 | N/A |
| An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. | ||||
| CVE-2018-1000425 | 1 Sonarsource | 1 Sonarqube Scanner | 2024-08-05 | N/A |
| An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. | ||||
| CVE-2018-1000403 | 1 Jenkins | 1 Aws Codedeploy | 2024-08-05 | N/A |
| Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later. | ||||
| CVE-2018-1000401 | 1 Jenkins | 1 Aws Codepipeline | 2024-08-05 | N/A |
| Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later. | ||||
| CVE-2018-1000404 | 1 Jenkins | 1 Aws Codebuild | 2024-08-05 | N/A |
| Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later. | ||||
| CVE-2018-1000057 | 1 Jenkins | 1 Credentials Binding | 2024-08-05 | N/A |
| Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. | ||||
| CVE-2018-21237 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. | ||||
| CVE-2018-21248 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. | ||||
| CVE-2018-21239 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. | ||||
| CVE-2018-21031 | 1 Plex | 1 Media Server | 2024-08-05 | 6.5 Medium |
| Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product. | ||||