Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1020009 | 1 Kolide | 1 Fleet | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Fleet before 2.1.2 allows exposure of SMTP credentials. | |||||
| CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | |||||
| CVE-2018-19466 | 1 Portainer | 1 Portainer | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | |||||
| CVE-2019-11369 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2020-08-24 | 4.0 MEDIUM | 7.2 HIGH |
| In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | |||||
| CVE-2019-11350 | 1 Cloudbees | 1 Jenkins Operations Center | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. | |||||
| CVE-2019-9657 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. | |||||
| CVE-2019-11885 | 1 Eye-disk | 1 Eyedisk | 2020-08-24 | 2.1 LOW | 6.8 MEDIUM |
| eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command. | |||||
| CVE-2019-6609 | 1 F5 | 37 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 34 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. | |||||
| CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2020-08-24 | 5.0 MEDIUM | 10.0 CRITICAL |
| On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | |||||
| CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
| CVE-2019-9867 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | 4.0 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | |||||
| CVE-2019-10630 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | |||||
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | |||||
| CVE-2019-3947 | 1 Fujielectric | 1 V-server | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. | |||||
| CVE-2019-9868 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | 4.0 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | |||||
| CVE-2018-17500 | 1 Envoy | 1 Passport | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2019-7260 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | |||||
| CVE-2018-1000424 | 1 Jfrog | 1 Artifactory | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. | |||||
| CVE-2019-1384 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 6.5 MEDIUM | 9.9 CRITICAL |
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | |||||