Total
328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37521 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2024-11-21 | 2.3 Low |
| HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. | ||||
| CVE-2023-37439 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-11-21 | 6.1 Medium |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | ||||
| CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 4.3 Medium |
| vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | ||||
| CVE-2023-32184 | 1 Opensuse | 1 Welcome | 2024-11-21 | 7.8 High |
| A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a. | ||||
| CVE-2023-29261 | 1 Ibm | 1 Sterling External Authentication Server | 2024-11-21 | 5.1 Medium |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. | ||||
| CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2024-11-21 | 5.5 Medium |
| Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | ||||
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | 3.2 Low |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | ||||
| CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-11-21 | 3.3 Low |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak | ||||
| CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 5.1 Medium |
| HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | ||||
| CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2024-11-21 | 7.5 High |
| Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | ||||
| CVE-2022-37835 | 1 Torguard | 1 Vpn | 2024-11-21 | 7.5 High |
| Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | ||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2024-11-21 | 7.5 High |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | ||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-11-21 | 4.1 Medium |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | ||||
| CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
| In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | ||||
| CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | ||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 5.5 Medium |
| A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | ||||
| CVE-2022-1257 | 1 Mcafee | 1 Agent | 2024-11-21 | 6.1 Medium |
| Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | ||||
| CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 6.5 Medium |
| Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | ||||
| CVE-2022-1021 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 5.4 Medium |
| Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. | ||||
| CVE-2022-0881 | 1 Framasoft | 1 Peertube | 2024-11-21 | 6.5 Medium |
| Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. | ||||