Total
356 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37835 | 1 Torguard | 1 Vpn | 2024-11-21 | N/A | 7.5 HIGH |
|
Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.
|
|||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-11-21 | N/A | 7.5 HIGH |
|
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
|
|||||
| CVE-2022-34354 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2024-11-21 | N/A | 4.0 MEDIUM |
|
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.
|
|||||
| CVE-2022-34312 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 4.0 MEDIUM |
|
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.
|
|||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
|
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
|
|||||
| CVE-2022-2815 | 1 Publify Project | 1 Publify | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
|
|||||
| CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.
|
|||||
| CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
|
|||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
|
|||||
| CVE-2022-1257 | 1 Mcafee | 1 Agent | 2024-11-21 | 2.1 LOW | 6.1 MEDIUM |
|
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.
|
|||||
| CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.
|
|||||
| CVE-2022-1021 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.
|
|||||
| CVE-2022-0881 | 1 Framasoft | 1 Peertube | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
|
|||||
| CVE-2022-0724 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
|
|||||
| CVE-2021-43512 | 1 Flightradar24 | 1 Flightradar24 Flight Tracker | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.
|
|||||
| CVE-2021-42371 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
|
|||||
| CVE-2021-36786 | 1 Miniorange | 1 Saml | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
|
|||||
| CVE-2021-36127 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
|
|||||
| CVE-2021-28815 | 1 Qnap | 4 Myqnapcloud Link, Qts, Quts Hero and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.0 MEDIUM |
|
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
|
|||||
| CVE-2021-28813 | 1 Qnap | 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.6 CRITICAL |
|
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: Q ...
Show More |
|||||
| CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
|
|||||
| CVE-2021-27456 | 1 Phillips | 22 Gemini 882160, Gemini 882160 Firmware, Gemini 882300 and 19 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
|
|||||
| CVE-2021-27170 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.
|
|||||
| CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
|
|||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
|
|||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
|
|||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
|
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
|
|||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.
|
|||||
| CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
|
|||||
| CVE-2021-25402 | 1 Samsung | 1 Notes | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
|
|||||
| CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2024-11-21 | 2.1 LOW | 3.9 LOW |
|
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
|
|||||
| CVE-2021-22914 | 1 Citrix | 1 Cloud Connector | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was ins ...
Show More |
|||||
| CVE-2021-20575 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
|
|||||
| CVE-2021-20396 | 1 Ibm | 1 Security Qradar Analyst Workflow | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
|
|||||
| CVE-2021-20391 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.
|
|||||
| CVE-2021-0639 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551
|
|||||
| CVE-2020-9202 | 1 Huawei | 1 Te Mobile | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure.
|
|||||
| CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
|
|||||
| CVE-2020-8481 | 1 Abb | 1 800xa System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS A ...
Show More |
|||||
| CVE-2020-7000 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.
|
|||||