Total
713 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12388 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010. | |||||
| CVE-2019-12122 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected. | |||||
| CVE-2019-11739 | 1 Mozilla | 1 Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. | |||||
| CVE-2019-11276 | 1 Pivotal Software | 1 Application Service | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged. | |||||
| CVE-2019-11220 | 1 Ilnkp2p Project | 1 Ilnkp2p | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. | |||||
| CVE-2019-10926 | 1 Siemens | 4 Simatic Mv420, Simatic Mv420 Firmware, Simatic Mv440 and 1 more | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted. | |||||
| CVE-2019-10740 | 3 Fedoraproject, Opensuse, Roundcube | 4 Fedora, Backports Sle, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
| CVE-2019-10735 | 1 Claws-mail | 1 Mail | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
| CVE-2019-10734 | 1 Trojita Project | 1 Trojita | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
| CVE-2019-10732 | 2 Debian, Kde | 2 Debian Linux, Kmail | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
| CVE-2019-10435 | 1 Jenkins | 1 Sourcegear Vault | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2019-10434 | 1 Jenkins | 1 Ldap Email | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10428 | 1 Jenkins | 1 Aqua Security Scanner | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10427 | 1 Jenkins | 1 Aqua Microscanner | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10412 | 1 Jenkins | 1 Inedo Proget | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10411 | 1 Jenkins | 1 Inedo Buildmaster | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10397 | 1 Jenkins | 1 Aqua Security Severless Scanner | 2024-11-21 | 2.6 LOW | 3.1 LOW |
| Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2019-10391 | 1 Jenkins | 1 Ibm Application Security On Cloud | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2019-10363 | 1 Jenkins | 1 Configuration As Code | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. | |||||
| CVE-2019-10251 | 1 Ucweb | 1 Uc Browser | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks. | |||||