Total
577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3606 | 1 Mcafee | 1 Network Security Manager | 2023-11-07 | 1.9 LOW | 4.1 MEDIUM |
| Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. | |||||
| CVE-2019-10099 | 1 Apache | 1 Spark | 2023-11-07 | 4.3 MEDIUM | 7.5 HIGH |
| Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | |||||
| CVE-2019-10433 | 1 Jenkins | 1 Dingding | 2023-11-07 | 2.1 LOW | 3.3 LOW |
| Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2010-0225 | 1 Sandisk | 2 Cruzer Enterprise, Cruzer Enterprise Firmware | 2023-11-07 | 4.6 MEDIUM | N/A |
| SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | |||||
| CVE-2023-46376 | 1 Zentao | 1 Biz | 2023-11-03 | N/A | 7.5 HIGH |
| Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. | |||||
| CVE-2023-46653 | 1 Jenkins | 1 Lambdatest-automation | 2023-11-01 | N/A | 6.5 MEDIUM |
| Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | |||||
| CVE-2023-46128 | 1 Networktocode | 1 Nautobot | 2023-11-01 | N/A | 6.5 MEDIUM |
| Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3. | |||||
| CVE-2019-10351 | 1 Jenkins | 1 Caliper Ci | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | |||||
| CVE-2020-2274 | 1 Jenkins | 1 Elastest | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10348 | 1 Jenkins | 1 Gogs | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2023-10-25 | 2.1 LOW | 7.8 HIGH |
| Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2023-10-25 | 2.1 LOW | 3.3 LOW |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-2177 | 1 Jenkins | 1 Copr | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||