Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2022-05-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | |||||
| CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2022-05-06 | 2.1 LOW | 3.9 LOW |
| An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | |||||
| CVE-2022-1257 | 1 Mcafee | 1 Agent | 2022-04-22 | 2.1 LOW | 5.5 MEDIUM |
| Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | |||||
| CVE-2021-27456 | 1 Phillips | 22 Gemini 882160, Gemini 882160 Firmware, Gemini 882300 and 19 more | 2022-04-12 | 2.1 LOW | 2.4 LOW |
| Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control. | |||||
| CVE-2022-0881 | 1 Framasoft | 1 Peertube | 2022-03-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. | |||||
| CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | |||||
| CVE-2022-0724 | 1 Microweber | 1 Microweber | 2022-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2022-01-14 | 2.1 LOW | 5.5 MEDIUM |
| A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | |||||
| CVE-2017-13909 | 1 Apple | 1 Mac Os X | 2022-01-05 | 2.1 LOW | 5.5 MEDIUM |
| An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. | |||||
| CVE-2021-42913 | 1 Samsung | 3 Scx-6555, Scx-6555n, Syncthru Web Service | 2022-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required. | |||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | |||||
| CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2021-09-28 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | |||||
| CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2021-09-28 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||||
| CVE-2020-4809 | 1 Ibm | 1 Edge Application Manager | 2021-09-28 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | |||||
| CVE-2021-28813 | 1 Qnap | 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more | 2021-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later | |||||
| CVE-2020-8481 | 1 Abb | 1 800xa System | 2021-09-14 | 10.0 HIGH | 9.8 CRITICAL |
| For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. | |||||
| CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2021-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | |||||
| CVE-2021-0639 | 1 Google | 1 Android | 2021-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551 | |||||