Vulnerabilities (CVE)

CWE filter: CWE-255

994 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11064 2 Androvideo, Geovision 3 Vd 1 Firmware, Gv-vd8700 Firmware, Gv-vr360 Firmware 2019-10-10 5.0
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator's account and password in plain text via...
CVE-2019-8350 1 Simple 1 Better Banking 2019-10-09 2.1
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android...
CVE-2019-7612 2 Netapp, Elastic 2 Active Iq Performance Analytics Services, Logstash 2019-10-09 5.0
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged...
CVE-2019-6567 1 Siemens 3 Scalance X-200irt Firmware, Scalance X-300 Firmware, Scalance X-414-3e Firmware 2019-10-09 2.1
A vulnerability has been identified in SCALANCE X-200 (All Versions < V5.2.4), SCALANCE X-200IRT (All versions), SCALANCE X-300 (All versions), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An...
CVE-2019-6549 2019-10-09 4.0
An attacker could retrieve plain-text credentials stored in an XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.
CVE-2019-6531 2019-10-09 N/A
An attacker could retrieve passwords from an HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position.
CVE-2019-6526 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 5.0
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to...
CVE-2019-5627 1 Bluecats 1 Bc Reveal 2019-10-09 4.3
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise...
CVE-2019-5626 2019-10-09 2.1
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow...
CVE-2019-5615 1 Rapid7 1 Insightvm 2019-10-09 3.5
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials...
CVE-2019-5456 1 Ui 1 Unifi Controller 2019-10-09 4.3
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
CVE-2019-5431 1 Twitter 1 Twitter Kit 2019-10-09 5.5
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate...
CVE-2019-4336 2019-10-09 5.0
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.
CVE-2019-4321 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2019-10-09 5.0
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 do not require that users should have strong passwords...
CVE-2019-4239 1 Ibm 1 Cloud Private 2019-10-09 2.1
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 159465.
CVE-2019-4169 1 Ibm 1 Open Power 2019-10-09 6.4
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
CVE-2019-4059 1 Ibm 1 Rational Clearcase 2019-10-09 5.0
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
CVE-2019-3937 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 2.1
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover...
CVE-2019-3927 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 5.0
On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker...
CVE-2019-3869 1 Redhat 1 Ansible Tower 2019-10-09 N/A
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.