Vulnerabilities (CVE)

CWE filter

CWE-255

Filter

1268 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-14709 1 Microdigital 3 Mdc-n2190v Firmware, Mdc-n4090 Firmware, Mdc-n4090w Firmware 2019-08-14 5.0
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and...
CVE-2019-10379 1 Google 1 Cloud Messaging Notification 2019-08-13 4.0
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10370 1 Jenkins 1 Mask Passwords 2019-08-13 4.3
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.
CVE-2019-10378 1 Jenkins 1 Testlink 2019-08-13 2.1
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10385 1 Jenkins 1 Eggplant 2019-08-13 4.0
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2016-10791 1 Cpanel 1 Cpanel 2019-08-13 5.0
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).
CVE-2017-18470 1 Cpanel 1 Cpanel 2019-08-12 4.0
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
CVE-2019-11202 1 Rancher 1 Rancher 2019-08-12 7.5
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password....
CVE-2019-5456 1 Ui 1 Unifi Controller 2019-08-06 4.3
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
CVE-2016-10821 1 Cpanel 1 Cpanel 2019-08-06 4.0
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
CVE-2019-12820 1 Jisiwei 1 I3 Firmware 2019-08-02 4.3
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example,...
CVE-2019-10366 1 Jenkins 1 Skytap Cloud Ci 2019-08-01 4.0
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10361 1 Jenkins 1 M2release 2019-08-01 2.1
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
CVE-2019-10345 1 Jenkins 1 Configuration As Code 2019-08-01 2.1
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export.
CVE-2019-1020009 1 Kolide 1 Fleet 2019-07-31 5.0
Fleet before 2.1.2 allows exposure of SMTP credentials.
CVE-2018-20862 2019-07-31 2.1
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).
CVE-2019-14389 1 Cpanel 1 Cpanel 2019-07-30 2.1
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).
CVE-2019-14351 1 Espocrm 1 Espocrm 2019-07-30 4.0
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.
CVE-2019-13100 1 Send-anywhere 1 Send Anywhere 2019-07-29 4.0
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via...
CVE-2019-9229 2019-07-26 5.8
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local...