Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | 3.2 Low |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | ||||
| CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-11-21 | 3.3 Low |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak | ||||
| CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 5.1 Medium |
| HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | ||||
| CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2024-11-21 | 7.5 High |
| Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | ||||
| CVE-2022-44581 | 2024-11-21 | 5 Medium | ||
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | ||||
| CVE-2022-41876 | 1 Ibexa | 1 Ezplatform-graphql | 2024-11-21 | 7.5 High |
| ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer. | ||||
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2024-11-21 | 6.5 Medium |
| Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | ||||
| CVE-2022-40959 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-11-21 | 6.5 Medium |
| During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | ||||
| CVE-2022-37835 | 1 Torguard | 1 Vpn | 2024-11-21 | 7.5 High |
| Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | ||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-11-21 | 7.5 High |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | ||||
| CVE-2022-34354 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2024-11-21 | 4 Medium |
| IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. | ||||
| CVE-2022-34312 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 4 Medium |
| IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | ||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-11-21 | 4.1 Medium |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | ||||
| CVE-2022-2815 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
| Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | ||||
| CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.5 Medium |
| Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | ||||
| CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
| In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | ||||
| CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | ||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 5.5 Medium |
| A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | ||||
| CVE-2022-1257 | 1 Mcafee | 1 Agent | 2024-11-21 | 6.1 Medium |
| Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | ||||
| CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 6.5 Medium |
| Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | ||||