Total
1098 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000627 | 1 Battelle | 1 V2i Hub | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. | |||||
| CVE-2018-1000610 | 1 Jenkins | 1 Configuration As Code | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. | |||||
| CVE-2018-1000608 | 1 Jenkins | 1 Z\/os Connector | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password. | |||||
| CVE-2018-1000425 | 1 Sonarsource | 1 Sonarqube Scanner | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. | |||||
| CVE-2018-1000424 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. | |||||
| CVE-2018-1000423 | 1 Atlassian | 1 Crowd2 | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | |||||
| CVE-2018-1000404 | 1 Jenkins | 1 Aws Codebuild | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later. | |||||
| CVE-2018-1000403 | 1 Jenkins | 1 Aws Codedeploy | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later. | |||||
| CVE-2018-1000401 | 1 Jenkins | 1 Aws Codepipeline | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later. | |||||
| CVE-2018-1000104 | 1 Jenkins | 1 Coverity | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. | |||||
| CVE-2018-1000057 | 1 Jenkins | 1 Credentials Binding | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. | |||||
| CVE-2018-0828 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0474 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. | |||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | |||||
| CVE-2017-9969 | 1 Schneider-electric | 1 Igss Mobile | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
| An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. | |||||
| CVE-2017-9654 | 1 Philips | 1 Dosewise | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2017-9637 | 1 Schneider-electric | 1 Ampla Manufacturing Execution System | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. | |||||
| CVE-2017-7933 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2017-5704 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
| Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. | |||||
| CVE-2017-2751 | 1 Hp | 68 Compaq 14-h000, Compaq 14-h000 Firmware, Compaq 14-s000 and 65 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. | |||||