ReportizFlow
Filtered by vendor
Subscriptions
Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18615 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 4.9 Medium |
| In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application. | ||||
| CVE-2019-18572 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2024-11-21 | 9.8 Critical |
| The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application. | ||||
| CVE-2019-18256 | 1 Biotronik | 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more | 2024-11-21 | 4.6 Medium |
| BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit. | ||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-11-21 | 9.8 Critical |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | ||||
| CVE-2019-17393 | 1 Tomedo | 1 Server | 2024-11-21 | 9.8 Critical |
| The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. | ||||
| CVE-2019-17356 | 1 Infinitestudio | 1 Infinite Design | 2024-11-21 | 6.5 Medium |
| The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. | ||||
| CVE-2019-16673 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. | ||||
| CVE-2019-16672 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | ||||
| CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2024-11-21 | 10.0 Critical |
| On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | ||||
| CVE-2019-16572 | 1 Jenkins | 1 Weibo | 2024-11-21 | 5.5 Medium |
| Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-16557 | 1 Jenkins | 1 Redgate Sql Change Automation | 2024-11-21 | 6.5 Medium |
| Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16556 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 6.5 Medium |
| Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16544 | 1 Qmetry | 1 Jenkins Qmetry For Jira | 2024-11-21 | 8.8 High |
| Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16543 | 1 Jenkins | 1 Spira Importer | 2024-11-21 | 5.5 Medium |
| Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-16542 | 1 Jenkins | 1 Anchore Container Image Scanner | 2024-11-21 | 6.5 Medium |
| Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16541 | 2 Jenkins, Redhat | 2 Jira, Openshift | 2024-11-21 | 9.9 Critical |
| Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | ||||
| CVE-2019-16211 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 9.8 Critical |
| Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. | ||||
| CVE-2019-16067 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 7.5 High |
| NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | ||||
| CVE-2019-15656 | 1 Dlink | 4 Dsl-2875al, Dsl-2875al Firmware, Dsl-2877al and 1 more | 2024-11-21 | 7.5 High |
| D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | ||||
| CVE-2019-15655 | 1 Dlink | 2 Dsl-2875al, Dsl-2875al Firmware | 2024-11-21 | 7.5 High |
| D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. | ||||