Total
133 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29953 | 2024-06-26 | 4.3 Medium | ||
| A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords. | ||||
| CVE-2024-6295 | 2024-06-25 | 3.9 Low | ||
| udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn. | ||||
| CVE-2022-44581 | 2024-06-05 | 5.0 Medium | ||
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | ||||
| CVE-2024-28132 | 2024-06-04 | 4.4 Medium | ||
| Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-29965 | 2024-06-04 | 6.8 Medium | ||
| In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. | ||||
| CVE-2024-21826 | 2024-06-04 | 4.3 Medium | ||
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. | ||||
| CVE-2023-6460 | 1 Google | 1 Cloud Firestore | 2024-05-24 | 5.5 Medium |
| A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue | ||||
| CVE-2023-41965 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-05-17 | 7.5 High |
| Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. | ||||
| CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2024-04-29 | 8.1 High |
| Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | ||||
| CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2024-02-08 | 4.3 Medium |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | ||||
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | 3.3 Low |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | ||||
| CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2024-01-10 | 6.8 Medium |
| Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials. | ||||
| CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2023-12-19 | 7.5 High |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | ||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2023-12-18 | 6.5 Medium |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | ||||
| CVE-2023-6253 | 1 Fortra | 1 Digital Guardian Agent | 2023-11-30 | 6.0 Medium |
| A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | ||||
| CVE-2023-22469 | 1 Nextcloud | 1 Deck | 2023-11-07 | 3.5 Low |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. | ||||
| CVE-2023-0580 | 1 Abb | 1 My Control System | 2023-11-07 | 9.8 Critical |
| Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. | ||||
| CVE-2022-44619 | 1 Intel | 1 Data Center Manager | 2023-11-07 | 7.8 High |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-43475 | 1 Intel | 1 Data Center Manager | 2023-11-07 | 7.8 High |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-34354 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2023-11-07 | 3.3 Low |
| IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. | ||||