Filtered by CWE-922
Total 216 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-34721 2024-11-05 6.2 Medium
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-48353 1 Yealink 2 Meeting Server, Yealink Meeting Server 2024-11-05 7.5 High
Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information.
CVE-2024-51399 1 Altaitechnologies 1 Ix500 Firmware 2024-11-05 5.7 Medium
Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft.
CVE-2024-32211 1 Lomag 1 Warehouse Management 2024-11-05 5.5 Medium
An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components.
CVE-2024-23561 2024-11-04 4.3 Medium
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
CVE-2023-42823 2024-11-04 2.7 Low
The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
CVE-2024-39459 2024-11-01 4.3 Medium
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).
CVE-2022-30359 1 Ovaledge 1 Ovaledge 2024-10-31 5.4 Medium
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences.
CVE-2022-30361 1 Ovaledge 1 Ovaledge 2024-10-31 4.3 Medium
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences.
CVE-2024-23445 2024-10-31 6.5 Medium
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body  restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned. This issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models  that was previously a beta feature and is released as GA with 8.14.0
CVE-2024-20462 1 Cisco 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more 2024-10-31 5.5 Medium
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.
CVE-2024-22371 1 Redhat 1 Openshift Serverless 2024-10-31 2.9 Low
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
CVE-2024-21211 1 Oracle 3 Graalvm, Graalvm For Jdk, Java Se 2024-10-31 3.7 Low
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-42677 1 Isellerpal 1 Enterprise Resource Management System 2024-10-30 5.5 Medium
An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component
CVE-2024-25728 1 Expressvpn 1 Expressvpn 2024-10-30 7.5 High
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.
CVE-2024-25360 1 Motorola 2 Cx2l, Cx2l Firmware 2024-10-30 5.3 Medium
A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.
CVE-2024-23229 2024-10-30 5.5 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My data.
CVE-2024-20050 2024-10-30 4.4 Medium
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.
CVE-2024-44213 1 Apple 1 Macos 2024-10-30 7.5 High
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker in a privileged network position may be able to leak sensitive user information.
CVE-2024-38312 1 Mozilla 1 Firefox 2024-10-30 6.5 Medium
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.