Total
124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-29965 | 2024-04-19 | N/A | 6.8 MEDIUM | ||
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. | |||||
CVE-2023-41965 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-04-11 | N/A | 7.5 HIGH |
Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. | |||||
CVE-2024-21826 | 2024-03-04 | N/A | 4.3 MEDIUM | ||
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. | |||||
CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2024-02-13 | N/A | 8.1 HIGH |
Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie resulting in Login Bypass. | |||||
CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2024-02-08 | N/A | 4.3 MEDIUM |
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | |||||
CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2024-01-10 | N/A | 6.8 MEDIUM |
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials. | |||||
CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2023-12-19 | N/A | 7.5 HIGH |
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | |||||
CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2023-12-18 | N/A | 6.5 MEDIUM |
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | |||||
CVE-2023-6253 | 1 Fortra | 1 Digital Guardian Agent | 2023-12-10 | N/A | 6.0 MEDIUM |
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | |||||
CVE-2023-32184 | 1 Opensuse | 1 Welcome | 2023-12-10 | N/A | 7.8 HIGH |
A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a. | |||||
CVE-2023-29261 | 1 Ibm | 1 Sterling External Authentication Server | 2023-12-10 | N/A | 5.5 MEDIUM |
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. | |||||
CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2023-12-10 | N/A | 7.5 HIGH |
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | |||||
CVE-2023-40728 | 1 Siemens | 1 Qms Automotive | 2023-12-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | |||||
CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2023-12-10 | N/A | 5.5 MEDIUM |
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | |||||
CVE-2023-37879 | 1 Wftpserver | 1 Wing Ftp Server | 2023-12-10 | N/A | 7.5 HIGH |
Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects Wing FTP Server: <= 7.2.0. | |||||
CVE-2022-39043 | 1 Juiker | 1 Juiker | 2023-12-10 | N/A | 2.4 LOW |
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | |||||
CVE-2022-43877 | 1 Ibm | 1 Urbancode Deploy | 2023-12-10 | N/A | 5.5 MEDIUM |
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | |||||
CVE-2023-0580 | 1 Abb | 1 My Control System | 2023-12-10 | N/A | 9.8 CRITICAL |
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. | |||||
CVE-2023-2665 | 1 Rosariosis | 1 Rosariosis | 2023-12-10 | N/A | 7.5 HIGH |
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | |||||
CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2023-12-10 | N/A | 5.3 MEDIUM |
Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. |