Search
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2024-01-10 | N/A | 6.8 MEDIUM |
| Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials. | |||||
| CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2023-12-19 | N/A | 7.5 HIGH |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | |||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2023-12-18 | N/A | 6.5 MEDIUM |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | |||||
| CVE-2023-6253 | 1 Fortra | 1 Digital Guardian Agent | 2023-11-30 | N/A | 6.0 MEDIUM |
| A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | |||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2023-08-08 | N/A | 7.5 HIGH |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
| CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2023-08-07 | N/A | 7.5 HIGH |
| Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | |||||
| CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2023-07-27 | N/A | 5.5 MEDIUM |
| Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | |||||
| CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | |||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2022-06-13 | 2.1 LOW | 4.3 MEDIUM |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||||
| CVE-2021-43512 | 1 Flightradar24 | 1 Flightradar24 Flight Tracker | 2022-06-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys. | |||||
| CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2022-05-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | |||||
| CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2022-05-06 | 2.1 LOW | 3.9 LOW |
| An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | |||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2022-01-14 | 2.1 LOW | 5.5 MEDIUM |
| A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | |||||
| CVE-2017-13909 | 1 Apple | 1 Mac Os X | 2022-01-05 | 2.1 LOW | 5.5 MEDIUM |
| An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. | |||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | |||||
| CVE-2021-42371 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2021-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. | |||||
| CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2021-09-28 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | |||||
| CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2021-09-28 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||||
| CVE-2020-4809 | 1 Ibm | 1 Edge Application Manager | 2021-09-28 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | |||||
| CVE-2021-28813 | 1 Qnap | 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more | 2021-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later | |||||
| CVE-2020-8481 | 1 Abb | 1 800xa System | 2021-09-14 | 10.0 HIGH | 9.8 CRITICAL |
| For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. | |||||
| CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2021-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | |||||
| CVE-2021-0639 | 1 Google | 1 Android | 2021-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551 | |||||
| CVE-2021-36786 | 1 Miniorange | 1 Saml | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. | |||||
| CVE-2019-19562 | 1 Harman | 1 Hermes | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | |||||
| CVE-2020-27662 | 1 Glpi-project | 1 Glpi | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). | |||||
| CVE-2020-27663 | 1 Glpi-project | 1 Glpi | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). | |||||
| CVE-2020-4172 | 1 Ibm | 1 Security Guardium Insights | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. | |||||
| CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | |||||
| CVE-2019-19560 | 1 Harman | 1 Hermes | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | |||||
| CVE-2019-8799 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications. | |||||
| CVE-2020-0422 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556 | |||||
| CVE-2020-11484 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | |||||
| CVE-2021-36127 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden). | |||||
| CVE-2021-22914 | 1 Citrix | 1 Cloud Connector | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. | |||||
| CVE-2021-28815 | 1 Qnap | 4 Myqnapcloud Link, Qts, Quts Hero and 1 more | 2021-06-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. | |||||
| CVE-2021-20396 | 1 Ibm | 1 Security Qradar Analyst Workflow | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009. | |||||
| CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. | |||||
| CVE-2021-25402 | 1 Samsung | 1 Notes | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. | |||||
| CVE-2020-5008 | 1 Ibm | 1 Datapower Gateway | 2021-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. | |||||
| CVE-2021-20575 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2021-06-07 | 2.1 LOW | 3.3 LOW |
| IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. | |||||
| CVE-2020-28911 | 1 Nagios | 1 Fusion | 2021-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | |||||
| CVE-2020-4765 | 1 Ibm | 1 Cloud Pak For Multicloud Management | 2021-05-26 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902. | |||||
| CVE-2021-20391 | 1 Ibm | 1 Qradar User Behavior Analytics | 2021-05-20 | 2.1 LOW | 3.3 LOW |
| IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. | |||||
| CVE-2020-4726 | 1 Ibm | 1 Cloud Application Performance Management | 2021-03-08 | 2.1 LOW | 3.3 LOW |
| The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | |||||
| CVE-2021-27170 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. | |||||
| CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | |||||
| CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2021-01-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | |||||