Total
493 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4676 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. | |||||
CVE-2019-4566 | 1 Ibm | 1 Security Key Lifecycle Manager | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. | |||||
CVE-2011-2916 | 1 Qtnx Project | 1 Qtnx | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | |||||
CVE-2019-14890 | 1 Redhat | 1 Ansible Tower | 2023-12-10 | 2.1 LOW | 8.4 HIGH |
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | |||||
CVE-2020-3935 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers. | |||||
CVE-2019-5848 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10430 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-3767 | 1 Dell | 1 Imageassist | 2023-12-10 | 1.9 LOW | 8.2 HIGH |
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. | |||||
CVE-2013-2680 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. | |||||
CVE-2020-6794 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | |||||
CVE-2019-19228 | 1 Fronius | 132 Datamanager Box 2.0, Datamanager Box 2.0 Firmware, Eco 25.0-3-s and 129 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. | |||||
CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | |||||
CVE-2016-3192 | 1 Cloudera | 1 Cloudera Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. | |||||
CVE-2019-14886 | 1 Redhat | 2 Decision Manager, Process Automation Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | |||||
CVE-2019-18238 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account. | |||||
CVE-2010-3282 | 3 Fedoraproject, Hp, Redhat | 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more | 2023-12-10 | 1.9 LOW | 3.3 LOW |
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | |||||
CVE-2009-5068 | 1 Simplemachines | 1 Simple Machines Forum | 2023-12-10 | 3.5 LOW | 7.2 HIGH |
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords. | |||||
CVE-2019-8118 | 1 Magento | 1 Magento | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. | |||||
CVE-2019-10433 | 1 Jenkins | 1 Dingding | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |