Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-312
Total 381 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10351 1 Jenkins 1 Caliper Ci 2020-10-02 4.0 MEDIUM 8.8 HIGH
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10348 1 Jenkins 1 Gogs 2020-10-01 4.0 MEDIUM 8.8 HIGH
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2020-4619 1 Ibm 1 Data Risk Manager 2020-09-22 4.0 MEDIUM 6.5 MEDIUM
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.
CVE-2018-18984 1 Medtronic 6 29901 Encore Programmer, 29901 Encore Programmer Firmware, Carelink 2090 Programmer and 3 more 2020-09-18 2.1 LOW 4.6 MEDIUM
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.
CVE-2018-19009 1 Pilz 1 Pnozmulti Configurator 2020-09-18 2.1 LOW 7.8 HIGH
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.
CVE-2020-2274 1 Jenkins 1 Elastest 2020-09-18 2.1 LOW 5.5 MEDIUM
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2020-15784 1 Siemens 1 Spectrum Power 4 2020-09-14 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.
CVE-2020-15484 1 Niscomed 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware 2020-08-31 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering.
CVE-2019-3606 1 Mcafee 1 Network Security Manager 2020-08-24 1.9 LOW 4.1 MEDIUM
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
CVE-2019-13100 1 Send-anywhere 1 Send Anywhere 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml.
CVE-2019-9873 1 Jetbrains 1 Intellij Idea 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
CVE-2019-3636 2 Mcafee, Microsoft 2 Total Protection, Windows 2020-08-24 4.6 MEDIUM 7.8 HIGH
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.
CVE-2019-0285 1 Sap 1 Crystal Reports 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
CVE-2019-5848 1 Google 1 Chrome 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-5765 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Android and 4 more 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
CVE-2019-11966 1 Hp 1 Intelligent Management Center 2020-08-24 9.0 HIGH 8.8 HIGH
A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-13096 1 Tronlink 1 Wallet 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml to gain unauthorized access.
CVE-2019-9823 1 Jetbrains 1 Intellij Idea 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.
CVE-2019-11384 1 Zalora 1 Zalora 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.
CVE-2019-9872 1 Jetbrains 1 Intellij Idea 2020-08-24 4.3 MEDIUM 8.1 HIGH
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.