Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34354 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2024-08-03 | 4 Medium |
| IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. | ||||
| CVE-2022-34312 | 1 Ibm | 1 Cics Tx | 2024-08-03 | 4 Medium |
| IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | ||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-08-03 | 4.1 Medium |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | ||||
| CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2024-08-03 | 7.5 High |
| In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | ||||
| CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 6.5 Medium |
| Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | ||||
| CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2024-08-03 | 7.5 High |
| In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | ||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2024-08-03 | 5.5 Medium |
| A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | ||||
| CVE-2022-2815 | 1 Publify Project | 1 Publify | 2024-08-03 | 6.5 Medium |
| Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | ||||
| CVE-2022-1257 | 1 Mcafee | 1 Agent | 2024-08-02 | 6.1 Medium |
| Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | ||||
| CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2024-08-02 | 6.5 Medium |
| Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | ||||
| CVE-2022-1021 | 1 Chatwoot | 1 Chatwoot | 2024-08-02 | 5.4 Medium |
| Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. | ||||
| CVE-2022-0881 | 1 Framasoft | 1 Peertube | 2024-08-02 | 6.5 Medium |
| Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. | ||||
| CVE-2022-0724 | 1 Microweber | 1 Microweber | 2024-08-02 | 6.5 Medium |
| Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2023-49515 | 1 Tp-link | 4 Tapo C200, Tapo C200 Firmware, Tapo Tc70 and 1 more | 2024-08-02 | 4.6 Medium |
| Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | ||||
| CVE-2024-28069 | 2024-08-02 | N/A | ||
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. | ||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2024-08-02 | 7.4 High |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | ||||
| CVE-2023-42913 | 1 Apple | 1 Macos | 2024-08-02 | 8.8 High |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. | ||||
| CVE-2023-40728 | 1 Siemens | 1 Qms Automotive | 2024-08-02 | 7.3 High |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | ||||
| CVE-2023-31150 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-08-02 | 8 High |
| A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-08-02 | 3.2 Low |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | ||||