Total
660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15507 | 1 Octopus | 1 Server | 2024-11-21 | N/A |
| In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | ||||
| CVE-2019-15023 | 1 Zingbox | 1 Inspector | 2024-11-21 | 7.5 High |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | ||||
| CVE-2019-14890 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 8.4 High |
| A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | ||||
| CVE-2019-14886 | 1 Redhat | 4 Decision Manager, Jboss Enterprise Bpms Platform, Jboss Enterprise Brms Platform and 1 more | 2024-11-21 | 6.5 Medium |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | ||||
| CVE-2019-14825 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-11-21 | 2.7 Low |
| A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. | ||||
| CVE-2019-13947 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 4.9 Medium |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users. | ||||
| CVE-2019-13100 | 1 Send-anywhere | 1 Send Anywhere | 2024-11-21 | N/A |
| The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml. | ||||
| CVE-2019-13099 | 1 Momo Project | 1 Momo | 2024-11-21 | N/A |
| The Momo application 2.1.9 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat. | ||||
| CVE-2019-13096 | 1 Tronlink | 1 Wallet | 2024-11-21 | N/A |
| TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml to gain unauthorized access. | ||||
| CVE-2019-13021 | 1 Jetstream | 1 Jetselect | 2024-11-21 | 6.5 Medium |
| The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. | ||||
| CVE-2019-12171 | 1 Dropbox | 1 Dropbox | 2024-11-21 | N/A |
| Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process. | ||||
| CVE-2019-11966 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11384 | 1 Zalora | 1 Zalora | 2024-11-21 | N/A |
| The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml. | ||||
| CVE-2019-10682 | 1 Django-nopassword Project | 1 Django-nopassword | 2024-11-21 | 7.5 High |
| django-nopassword before 5.0.0 stores cleartext secrets in the database. | ||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2024-11-21 | 7.8 High |
| Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2024-11-21 | 4.3 Medium |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2024-11-21 | 4.3 Medium |
| Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2024-11-21 | 3.3 Low |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2024-11-21 | 8.8 High |
| Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2024-11-21 | 4.3 Medium |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||