Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2024-08-03 | 7.5 High |
| In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | ||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2024-08-03 | 5.3 Medium |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | ||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2024-08-03 | 4 Medium |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | ||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2024-08-03 | 4 Medium |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | ||||
| CVE-2021-25402 | 1 Samsung | 1 Notes | 2024-08-03 | 3.3 Low |
| Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. | ||||
| CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-08-03 | 3.3 Low |
| Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. | ||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2024-08-03 | 6.5 Medium |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | ||||
| CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2024-08-03 | 3.9 Low |
| An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | ||||
| CVE-2021-22914 | 1 Citrix | 1 Cloud Connector | 2024-08-03 | 7.5 High |
| Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. | ||||
| CVE-2021-0639 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551 | ||||
| CVE-2022-44619 | 1 Intel | 1 Data Center Manager | 2024-08-03 | 8.2 High |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-44581 | 2024-08-03 | 5 Medium | ||
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | ||||
| CVE-2022-43877 | 1 Ibm | 1 Urbancode Deploy | 2024-08-03 | 5.1 Medium |
| IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | ||||
| CVE-2022-43475 | 1 Intel | 1 Data Center Manager | 2024-08-03 | 6 Medium |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41876 | 1 Ibexa | 1 Ezplatform-graphql | 2024-08-03 | 7.5 High |
| ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer. | ||||
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2024-08-03 | 6.5 Medium |
| Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | ||||
| CVE-2022-40959 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-03 | 6.5 Medium |
| During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | ||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2024-08-03 | 2.4 Low |
| Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | ||||
| CVE-2022-37835 | 1 Torguard | 1 Vpn | 2024-08-03 | 7.5 High |
| Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | ||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-08-03 | 7.5 High |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | ||||