Total
1009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000610 | 1 Jenkins | 1 Configuration As Code | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. | |||||
| CVE-2018-1000401 | 1 Jenkins | 1 Aws Codepipeline | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later. | |||||
| CVE-2018-5708 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2023-12-10 | 6.1 MEDIUM | 8.0 HIGH |
| An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML. | |||||
| CVE-2018-9160 | 1 Sickrage | 1 Sickrage | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. | |||||
| CVE-2017-7933 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2017-2665 | 2 Mongodb, Redhat | 2 Mongodb, Storage Console | 2023-12-10 | 1.9 LOW | 7.0 HIGH |
| The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. | |||||
| CVE-2018-1000404 | 1 Jenkins | 1 Aws Codebuild | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later. | |||||
| CVE-2017-1000387 | 1 Jenkins | 1 Build-publisher | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations. | |||||
| CVE-2018-1000403 | 1 Jenkins | 1 Aws Codedeploy | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later. | |||||
| CVE-2017-1779 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. | |||||
| CVE-2018-9031 | 1 Tnlsoftsolutions | 1 Sentry Vision | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. | |||||
| CVE-2018-1000104 | 1 Jenkins | 1 Coverity | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. | |||||
| CVE-2017-9654 | 1 Philips | 1 Dosewise | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | |||||
| CVE-2018-12260 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2023-12-10 | 2.1 LOW | 6.7 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices | |||||
| CVE-2018-7698 | 1 D-link | 1 Mydlink\+ | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge. | |||||
| CVE-2017-5704 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2023-12-10 | 2.1 LOW | 6.7 MEDIUM |
| Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. | |||||
| CVE-2018-7510 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication. | |||||
| CVE-2017-9637 | 1 Schneider-electric | 1 Ampla Manufacturing Execution System | 2023-12-10 | 1.9 LOW | 4.1 MEDIUM |
| Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. | |||||
| CVE-2018-1000057 | 1 Jenkins | 1 Credentials Binding | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. | |||||