Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2020-03-11 CVE-2019-9095 Insufficiently Protected Credentials vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-522
5.0
2020-03-10 CVE-2019-10705 Insufficiently Protected Credentials vulnerability in Westerndigital products
On Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.
4.3
2020-03-10 CVE-2019-11686 Insufficiently Protected Credentials vulnerability in Westerndigital products
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.
local
low complexity
westerndigital CWE-522
2.1
2020-03-10 CVE-2019-10706 Insufficiently Protected Credentials vulnerability in Westerndigital products
Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest.
6.3
2020-03-09 CVE-2020-2145 Insufficiently Protected Credentials vulnerability in Jenkins Zephyr Enterprise Test Management
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.
local
low complexity
jenkins CWE-522
5.5
2020-03-05 CVE-2020-8994 Insufficiently Protected Credentials vulnerability in MI Mdz-25-Dt Firmware 1.34.36/1.40.14
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36 and 1.40.14.
local
low complexity
mi CWE-522
7.2
2020-03-03 CVE-2020-5404 Insufficiently Protected Credentials vulnerability in Pivotal Reactor Netty
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain.
network
pivotal CWE-522
4.9
2020-03-02 CVE-2020-6794 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible.
4.3
2020-02-27 CVE-2020-3841 Insufficiently Protected Credentials vulnerability in Apple Safari
The issue was addressed with improved UI handling.
network
apple CWE-522
4.3
2020-02-26 CVE-2020-9337 Insufficiently Protected Credentials vulnerability in Golfbuddyglobal Course Manager 1.1
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
network
low complexity
golfbuddyglobal CWE-522
4.0