Filtered by vendor
Subscriptions
Total
626 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2024-11-21 | 4.3 Medium |
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2024-11-21 | 4.3 Medium |
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2024-11-21 | 3.3 Low |
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2024-11-21 | 8.8 High |
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2024-11-21 | 4.3 Medium |
Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2024-11-21 | 8.8 High |
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2024-11-21 | 8.8 High |
Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10433 | 1 Jenkins | 1 Dingding | 2024-11-21 | 3.3 Low |
Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10430 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-11-21 | 5.5 Medium |
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
CVE-2019-10351 | 1 Jenkins | 1 Caliper Ci | 2024-11-21 | 8.8 High |
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10350 | 1 Jenkins | 1 Port Allocator | 2024-11-21 | 8.8 High |
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10348 | 1 Jenkins | 1 Gogs | 2024-11-21 | 8.8 High |
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10099 | 1 Apache | 1 Spark | 2024-11-21 | 7.5 High |
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | ||||
CVE-2019-0285 | 1 Sap | 1 Crystal Reports | 2024-11-21 | N/A |
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | ||||
CVE-2018-9065 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | N/A |
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. | ||||
CVE-2018-8947 | 1 Laravel Log Viewer Project | 1 Laravel Log Viewer | 2024-11-21 | N/A |
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request. | ||||
CVE-2018-5559 | 1 Rapid7 | 1 Komand | 2024-11-21 | N/A |
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. | ||||
CVE-2018-2028 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-11-21 | 6.5 Medium |
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. | ||||
CVE-2018-20008 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2024-11-21 | 6.8 Medium |
iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | ||||
CVE-2018-1882 | 5 Apple, Ibm, Linux and 2 more | 7 Macos, Aix, Spectrum Protect Backup-archive Client and 4 more | 2024-11-21 | 4.7 Medium |
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. |