Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-922
Total 96 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1044 1 Trudesk Project 1 Trudesk 2022-05-20 4.3 MEDIUM 6.5 MEDIUM
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.
CVE-2021-25266 1 Sophos 2 Authenticator, Intercept X 2022-05-06 2.1 LOW 3.9 LOW
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CVE-2022-1257 1 Mcafee 1 Agent 2022-04-22 2.1 LOW 5.5 MEDIUM
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.
CVE-2021-27456 1 Phillips 22 Gemini 882160, Gemini 882160 Firmware, Gemini 882300 and 19 more 2022-04-12 2.1 LOW 2.4 LOW
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
CVE-2022-0881 1 Framasoft 1 Peertube 2022-03-11 4.0 MEDIUM 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
CVE-2022-25264 1 Jetbrains 1 Teamcity 2022-03-08 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
CVE-2022-0724 1 Microweber 1 Microweber 2022-03-01 4.0 MEDIUM 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-21823 1 Ivanti 1 Workspace Control 2022-01-14 2.1 LOW 5.5 MEDIUM
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
CVE-2017-13909 1 Apple 1 Mac Os X 2022-01-05 2.1 LOW 5.5 MEDIUM
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.
CVE-2021-42913 1 Samsung 3 Scx-6555, Scx-6555n, Syncthru Web Service 2022-01-03 5.0 MEDIUM 7.5 HIGH
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
CVE-2021-25524 1 Samsung 1 Contacts 2021-12-13 2.1 LOW 3.3 LOW
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
CVE-2021-25523 1 Samsung 1 Dialer 2021-12-13 2.1 LOW 3.3 LOW
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
CVE-2021-25522 1 Samsung 1 Smart Capture 2021-12-13 2.1 LOW 3.3 LOW
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
CVE-2020-4803 1 Ibm 1 Edge Application Manager 2021-09-28 2.1 LOW 3.3 LOW
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
CVE-2020-4805 1 Ibm 1 Edge Application Manager 2021-09-28 2.1 LOW 3.3 LOW
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.
CVE-2020-4809 1 Ibm 1 Edge Application Manager 2021-09-28 2.1 LOW 3.3 LOW
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.
CVE-2021-28813 1 Qnap 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more 2021-09-23 5.0 MEDIUM 7.5 HIGH
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
CVE-2020-8481 1 Abb 1 800xa System 2021-09-14 10.0 HIGH 9.8 CRITICAL
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.
CVE-2021-28653 1 Westerndigital 1 Armorlock 2021-08-27 4.0 MEDIUM 6.5 MEDIUM
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
CVE-2021-0639 1 Google 1 Android 2021-08-24 2.1 LOW 5.5 MEDIUM
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551