Total
491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3606 | 1 Mcafee | 1 Network Security Manager | 2023-12-10 | 1.9 LOW | 4.1 MEDIUM |
| Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. | |||||
| CVE-2019-10099 | 1 Apache | 1 Spark | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
| Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | |||||
| CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
| CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
| CVE-2018-18641 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. | |||||
| CVE-2018-1877 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713. | |||||
| CVE-2018-5559 | 1 Rapid7 | 1 Komand | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. | |||||
| CVE-2018-19009 | 1 Pilz | 1 Pnozmulti Configurator | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. | |||||
| CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18984 | 1 Medtronic | 6 29901 Encore Programmer, 29901 Encore Programmer Firmware, Carelink 2090 Programmer and 3 more | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI. | |||||
| CVE-2018-10871 | 2 Debian, Fedoraproject | 2 Debian Linux, 389 Directory Server | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
| 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. | |||||
| CVE-2018-19279 | 2 Microsoft, Primx | 2 Windows, Zonecentral | 2023-12-10 | 2.1 LOW | 4.3 MEDIUM |
| PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater. | |||||
| CVE-2019-5765 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Android and 4 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. | |||||
| CVE-2018-9065 | 1 Lenovo | 1 Xclarity Administrator | 2023-12-10 | 3.5 LOW | 7.5 HIGH |
| In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. | |||||
| CVE-2017-5250 | 1 Insteon | 1 Insteon For Hub | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2018-8947 | 1 Laravel Log Viewer Project | 1 Laravel Log Viewer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request. | |||||
| CVE-2018-10812 | 1 Bitpie | 1 Bitcoin Wallet | 2023-12-10 | 1.9 LOW | 4.1 MEDIUM |
| The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS). | |||||
| CVE-2018-0089 | 1 Cisco | 1 Policy Suite | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. | |||||
| CVE-2018-1621 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 2.1 LOW | 6.7 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. | |||||
| CVE-2017-5249 | 1 Wink | 1 Wink | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||