Total
1151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10206 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-11-21 | 6.5 Medium |
| ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. | ||||
| CVE-2019-10205 | 1 Redhat | 1 Quay | 2024-11-21 | 6.3 Medium |
| A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | ||||
| CVE-2019-10160 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2024-11-21 | 9.8 Critical |
| A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. | ||||
| CVE-2019-10139 | 2 Ovirt, Redhat | 2 Cockpit-ovirt, Enterprise Linux | 2024-11-21 | 7.8 High |
| During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted. | ||||
| CVE-2019-1020009 | 1 Kolide | 1 Fleet | 2024-11-21 | N/A |
| Fleet before 2.1.2 allows exposure of SMTP credentials. | ||||
| CVE-2019-1010308 | 1 Aquaverde | 1 Aquarius Cms | 2024-11-21 | N/A |
| Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. | ||||
| CVE-2019-1010241 | 1 Jenkins | 1 Credentials Binding | 2024-11-21 | 6.5 Medium |
| Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. | ||||
| CVE-2019-1003097 | 1 Jenkins | 1 Crowd Integration | 2024-11-21 | 6.5 Medium |
| Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-1003096 | 1 Jenkins | 1 Testfairy | 2024-11-21 | 6.5 Medium |
| Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-1003045 | 1 Trustsource | 1 Ecs Publisher | 2024-11-21 | 6.5 Medium |
| A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | ||||
| CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2024-11-21 | 8.8 High |
| An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | ||||
| CVE-2019-1003038 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 7.8 High |
| An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | ||||
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | ||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-0183 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 3.3 Low |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0182 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 3.3 Low |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0180 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 4.4 Medium |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0179 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 4.4 Medium |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0178 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 3.6 Low |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0175 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 4.4 Medium |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||