Total
320 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2024-11-21 | N/A | 5.5 MEDIUM |
| Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | |||||
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | N/A | 3.2 LOW |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | |||||
| CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-11-21 | N/A | 3.3 LOW |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak | |||||
| CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | N/A | 5.1 MEDIUM |
| HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | |||||
| CVE-2023-22687 | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup | 2024-11-21 | N/A | 3.7 LOW |
| Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | |||||
| CVE-2023-22469 | 1 Nextcloud | 1 Deck | 2024-11-21 | N/A | 5.8 MEDIUM |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. | |||||
| CVE-2023-0580 | 1 Abb | 1 My Control System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. | |||||
| CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2024-11-21 | N/A | 7.5 HIGH |
| Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | |||||
| CVE-2022-44619 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 8.2 HIGH |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-44581 | 2024-11-21 | N/A | 5.0 MEDIUM | ||
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | |||||
| CVE-2022-43475 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 6.0 MEDIUM |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41876 | 1 Ibexa | 1 Ezplatform-graphql | 2024-11-21 | N/A | 7.5 HIGH |
| ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer. | |||||
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2024-11-21 | N/A | 6.5 MEDIUM |
| Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | |||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2024-11-21 | N/A | 2.4 LOW |
| Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | |||||
| CVE-2022-37835 | 1 Torguard | 1 Vpn | 2024-11-21 | N/A | 7.5 HIGH |
| Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | |||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-11-21 | N/A | 7.5 HIGH |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
| CVE-2022-34354 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2024-11-21 | N/A | 4.0 MEDIUM |
| IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. | |||||
| CVE-2022-34312 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 4.0 MEDIUM |
| IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | |||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||||
| CVE-2022-2815 | 1 Publify Project | 1 Publify | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | |||||