Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38453 | 2024-07-09 | N/A | 7.5 HIGH | ||
| The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. | |||||
| CVE-2024-33004 | 2024-07-03 | N/A | 4.3 MEDIUM | ||
| SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application. | |||||
| CVE-2024-32236 | 2024-07-03 | N/A | 3.5 LOW | ||
| An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. | |||||
| CVE-2024-22808 | 2024-07-03 | N/A | 7.5 HIGH | ||
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. | |||||
| CVE-2023-49515 | 1 Tp-link | 4 Tapo C200, Tapo C200 Firmware, Tapo Tc70 and 1 more | 2024-07-03 | N/A | 4.6 MEDIUM |
| Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | |||||
| CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-07-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. | |||||
| CVE-2024-29953 | 2024-06-26 | N/A | 4.3 MEDIUM | ||
| A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords. | |||||
| CVE-2024-6295 | 2024-06-25 | N/A | 3.9 LOW | ||
| udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn. | |||||
| CVE-2022-44581 | 2024-05-17 | N/A | 5.0 MEDIUM | ||
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | |||||
| CVE-2023-41965 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-05-17 | N/A | 7.5 HIGH |
| Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. | |||||
| CVE-2024-28132 | 2024-05-08 | N/A | 4.4 MEDIUM | ||
| Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2024-04-29 | N/A | 8.1 HIGH |
| Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | |||||
| CVE-2024-29965 | 2024-04-19 | N/A | 6.8 MEDIUM | ||
| In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. | |||||
| CVE-2024-21826 | 2024-03-04 | N/A | 4.3 MEDIUM | ||
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. | |||||
| CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2024-02-08 | N/A | 4.3 MEDIUM |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | |||||
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 3.3 LOW |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | |||||
| CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2024-01-10 | N/A | 6.8 MEDIUM |
| Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials. | |||||
| CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2023-12-19 | N/A | 7.5 HIGH |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | |||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2023-12-18 | N/A | 6.5 MEDIUM |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | |||||
| CVE-2023-6460 | 1 Google | 1 Cloud Firestore | 2023-12-08 | N/A | 5.5 MEDIUM |
| A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue | |||||