Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29261 | 1 Ibm | 1 Sterling External Authentication Server | 2023-09-08 | N/A | 5.5 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. | |||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2023-08-08 | N/A | 7.5 HIGH |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
| CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2023-08-07 | N/A | 7.5 HIGH |
| Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | |||||
| CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2023-07-27 | N/A | 5.5 MEDIUM |
| Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | |||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2023-07-21 | N/A | 2.4 LOW |
| Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | |||||
| CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2023-06-13 | N/A | 5.3 MEDIUM |
| Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | |||||
| CVE-2023-2665 | 1 Rosariosis | 1 Rosariosis | 2023-05-19 | N/A | 7.5 HIGH |
| Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | |||||
| CVE-2023-31150 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2023-05-17 | N/A | 6.5 MEDIUM |
| A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
| CVE-2022-43877 | 1 Ibm | 1 Urbancode Deploy | 2023-05-11 | N/A | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | |||||
| CVE-2023-22687 | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup | 2023-04-21 | N/A | 7.5 HIGH |
| Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | |||||
| CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 6.5 MEDIUM |
| Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | |||||
| CVE-2021-36546 | 1 Kitesky | 1 Kitecms | 2023-02-10 | N/A | 7.5 HIGH |
| Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | |||||
| CVE-2022-2815 | 1 Publify Project | 1 Publify | 2023-01-20 | N/A | 6.5 MEDIUM |
| Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | |||||
| CVE-2022-40959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-04 | N/A | 6.5 MEDIUM |
| During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
| CVE-2019-4549 | 1 Ibm | 1 Security Directory Server | 2022-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. | |||||
| CVE-2022-41876 | 1 Ibexa | 1 Ezplatform-graphql | 2022-11-15 | N/A | 5.3 MEDIUM |
| ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer. | |||||
| CVE-2020-15775 | 1 Gradle | 1 Enterprise | 2022-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. | |||||
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2022-09-26 | N/A | 6.5 MEDIUM |
| Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | |||||
| CVE-2022-37835 | 1 Torguard | 1 Vpn | 2022-09-15 | N/A | 7.5 HIGH |
| Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | |||||
| CVE-2021-42371 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2022-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. | |||||