| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. |
| Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. |
| Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. |
| Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. |
| An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. |
| Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. |
| Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. |
| Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. |
| Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. |
| An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. |
| Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. |
| MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using "aws-chunked" encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. |
| IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. |
| IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009. |
| IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. |
| In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551 |
| There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. |
| Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data |
