Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-21 | CVE-2019-16543 | Insufficiently Protected Credentials vulnerability in Jenkins Spira Importer 3.2.2 Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
| 2019-11-21 | CVE-2019-16542 | Insufficiently Protected Credentials vulnerability in Jenkins Anchore Container Image Scanner Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2019-11-18 | CVE-2018-21031 | Insufficiently Protected Credentials vulnerability in Plex Media Server 1.18.2.202936236Cc4C Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. | 4.0 |
| 2019-11-14 | CVE-2019-15801 | Insufficiently Protected Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 5.0 |
| 2019-11-14 | CVE-2019-3663 | Insufficiently Protected Credentials vulnerability in Mcafee Advanced Threat Defense Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. | 7.8 |
| 2019-11-12 | CVE-2019-1384 | Insufficiently Protected Credentials vulnerability in Microsoft products A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 6.5 |
| 2019-11-06 | CVE-2010-4178 | Insufficiently Protected Credentials vulnerability in multiple products MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | 2.1 |
| 2019-11-06 | CVE-2016-4401 | Insufficiently Protected Credentials vulnerability in Arubanetworks Clearpass Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | 10.0 |
| 2019-11-04 | CVE-2013-4423 | Insufficiently Protected Credentials vulnerability in Redhat Cloudforms 3.0 CloudForms stores user passwords in recoverable format | 5.5 |
| 2019-10-29 | CVE-2019-10210 | Insufficiently Protected Credentials vulnerability in Postgresql Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | 7.0 |