Total
124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1257 | 1 Mcafee | 1 Agent | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | |||||
CVE-2022-30740 | 1 Samsung | 1 Internet | 2023-12-10 | 2.1 LOW | 4.3 MEDIUM |
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||||
CVE-2021-27456 | 1 Phillips | 22 Gemini 882160, Gemini 882160 Firmware, Gemini 882300 and 19 more | 2023-12-10 | 2.1 LOW | 2.4 LOW |
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control. | |||||
CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | |||||
CVE-2022-0724 | 1 Microweber | 1 Microweber | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2020-4809 | 1 Ibm | 1 Edge Application Manager | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | |||||
CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | |||||
CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | |||||
CVE-2021-25523 | 1 Samsung | 1 Dialer | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||||
CVE-2021-25524 | 1 Samsung | 1 Contacts | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | |||||
CVE-2017-13909 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. | |||||
CVE-2021-42371 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. | |||||
CVE-2021-28813 | 1 Qnap | 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later | |||||
CVE-2021-0639 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551 | |||||
CVE-2021-36786 | 1 Miniorange | 1 Saml | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. | |||||
CVE-2020-5008 | 1 Ibm | 1 Datapower Gateway | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. | |||||
CVE-2021-36127 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden). | |||||
CVE-2021-20391 | 1 Ibm | 1 Qradar User Behavior Analytics | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. |