Total
113 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39043 | 1 Juiker | 1 Juiker | 2024-02-04 | N/A | 2.4 LOW |
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | |||||
CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2024-02-04 | N/A | 6.5 MEDIUM |
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | |||||
CVE-2022-37835 | 1 Torguard | 1 Vpn | 2024-02-04 | N/A | 7.5 HIGH |
Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | |||||
CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-02-04 | N/A | 7.5 HIGH |
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
CVE-2022-1257 | 1 Mcafee | 1 Agent | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | |||||
CVE-2022-0881 | 1 Framasoft | 1 Peertube | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. | |||||
CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | |||||
CVE-2022-0724 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | |||||
CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-02-04 | 2.1 LOW | 4.3 MEDIUM |
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||||
CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2024-02-04 | 2.1 LOW | 3.9 LOW |
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | |||||
CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | |||||
CVE-2021-43512 | 1 Flightradar24 | 1 Flightradar24 Flight Tracker | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys. | |||||
CVE-2021-27456 | 1 Phillips | 22 Gemini 882160, Gemini 882160 Firmware, Gemini 882300 and 19 more | 2024-02-04 | 2.1 LOW | 2.4 LOW |
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control. | |||||
CVE-2021-28813 | 1 Qnap | 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later | |||||
CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||||
CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | |||||
CVE-2020-4809 | 1 Ibm | 1 Edge Application Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | |||||
CVE-2017-13909 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. | |||||
CVE-2021-25524 | 1 Samsung | 1 Contacts | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. |