Vulnerabilities (CVE)

CWE filter: CWE-255

1214 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3888 1 Redhat 2 Undertow, Virtualization 2019-06-14 5.0
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using...
CVE-2019-9636 4 Python, Fedoraproject, Redhat and 1 more 10 Python, Fedora, Enterprise Linux Desktop and 7 more 2019-06-13 5.0
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached...
CVE-2019-10339 1 Jenkins 1 Jx Resources 2019-06-13 4.0
A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially...
CVE-2019-3947 1 Fujielectric 1 V-server 2019-06-13 5.0
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.
CVE-2019-0307 1 Sap 1 Solution Manager 2019-06-13 2.7
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an...
CVE-2018-5797 2019-06-12 3.3
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who...
CVE-2019-12794 1 Misp 1 Misp 2019-06-11 6.0
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a...
CVE-2017-13717 1 Starry 1 S00111 Firmware 2019-06-11 4.3
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on...
CVE-2019-10160 2 Python, Redhat 2 Python, Enterprise Linux 2019-06-11 5.0
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit...
CVE-2019-6452 1 Kyocera 1 Command Center Rx 2019-06-11 4.0
Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.
CVE-2018-10698 1 Moxa 1 Awk-3121 Firmware 2019-06-10 10.0
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user....
CVE-2018-10694 1 Moxa 1 Awk-3121 Firmware 2019-06-10 4.3
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow...
CVE-2018-10690 1 Moxa 1 Awk-3121 Firmware 2019-06-10 4.3
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and...
CVE-2014-2226 2 Ubnt, Ui 2 Unifi Controller, Unifi Controller 2019-06-10 2.6
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2019-11369 2019-06-04 4.0
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
CVE-2019-12373 1 Ivanti 1 Landesk Management Suite 2019-06-04 5.0
Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.
CVE-2019-10981 1 Schneider-electric 2 Citectscada, Scada Expert Vijeo Citect 2019-06-03 2.1
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials.
CVE-2019-10329 1 Eficode 1 Influxdb 2019-06-03 4.0
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10312 1 Jenkins 1 Ansible Tower 2019-05-31 4.0
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of...
CVE-2019-12452 2019-05-30 3.5
types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users...