Total
658 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13947 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 4.9 Medium |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users. | ||||
| CVE-2019-13100 | 1 Send-anywhere | 1 Send Anywhere | 2024-11-21 | N/A |
| The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml. | ||||
| CVE-2019-13099 | 1 Momo Project | 1 Momo | 2024-11-21 | N/A |
| The Momo application 2.1.9 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat. | ||||
| CVE-2019-13096 | 1 Tronlink | 1 Wallet | 2024-11-21 | N/A |
| TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml to gain unauthorized access. | ||||
| CVE-2019-13021 | 1 Jetstream | 1 Jetselect | 2024-11-21 | 6.5 Medium |
| The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. | ||||
| CVE-2019-12171 | 1 Dropbox | 1 Dropbox | 2024-11-21 | N/A |
| Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process. | ||||
| CVE-2019-11966 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11384 | 1 Zalora | 1 Zalora | 2024-11-21 | N/A |
| The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml. | ||||
| CVE-2019-10682 | 1 Django-nopassword Project | 1 Django-nopassword | 2024-11-21 | 7.5 High |
| django-nopassword before 5.0.0 stores cleartext secrets in the database. | ||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2024-11-21 | 7.8 High |
| Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2024-11-21 | 4.3 Medium |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2024-11-21 | 4.3 Medium |
| Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2024-11-21 | 3.3 Low |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2024-11-21 | 8.8 High |
| Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2024-11-21 | 4.3 Medium |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2024-11-21 | 8.8 High |
| Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2024-11-21 | 8.8 High |
| Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10433 | 1 Jenkins | 1 Dingding | 2024-11-21 | 3.3 Low |
| Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10430 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-11-21 | 5.5 Medium |
| Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10351 | 1 Jenkins | 1 Caliper Ci | 2024-11-21 | 8.8 High |
| Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||