CWE:
 

Topic
Date
Author
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


CVEMAP Search Results

CVE
Details
Description
2019-11-26
Low
CVE-2016-3192

Vendor: Cloudera
Software: Cloudera manager
 

 
Cloudera Manager 5.x before 5.7.1 places sensitive data in cleartext, readable files.

 
2019-11-15
Low
CVE-2011-2916

Vendor: Qtnx project
Software: QTNX
 

 
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.

 
2019-11-08
Medium
CVE-2008-7272

Vendor: Getfiregpg
Software: Firegpg
 

 
FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key.

 
2019-11-05
Medium
CVE-2019-8118

Vendor: Magento
Software: Magento
 

 
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts.

 
2019-10-09
Medium
CVE-2019-15023

Vendor: Zingbox
Software: Inspector
 

 
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.

 
2019-10-08
Low
CVE-2019-17106

Vendor: Centreon
Software: Centreon web
 

 
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.

 
2019-10-01
Low
CVE-2019-10433

Vendor: Jenkins
Software: Dingding
 

 
Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

 
2019-09-25
Low
CVE-2019-10414

Vendor: Jenkins
Software: Git changelog
 

 
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

 
Low
CVE-2019-10415

Vendor: Jenkins
Software: Violation co...
 

 
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

 
Low
CVE-2019-10416

Vendor: Jenkins
Software: Violation co...
 

 
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

 

 


Copyright 2019, cxsecurity.com

 
