Total
214 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2024-02-28 | N/A | 7.5 HIGH |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | |||||
| CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2024-02-28 | N/A | 6.8 MEDIUM |
| Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials. | |||||
| CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2024-02-28 | N/A | 4.3 MEDIUM |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | |||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2024-02-28 | N/A | 6.5 MEDIUM |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | |||||
| CVE-2023-6253 | 1 Fortra | 1 Digital Guardian Agent | 2024-02-28 | N/A | 6.0 MEDIUM |
| A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | |||||
| CVE-2023-40728 | 1 Siemens | 1 Qms Automotive | 2024-02-28 | N/A | 7.8 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | |||||
| CVE-2023-29261 | 1 Ibm | 1 Sterling External Authentication Server | 2024-02-28 | N/A | 5.5 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. | |||||
| CVE-2023-32184 | 1 Opensuse | 1 Welcome | 2024-02-28 | N/A | 7.8 HIGH |
| A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a. | |||||
| CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2024-02-28 | N/A | 7.5 HIGH |
| Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | |||||
| CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2024-02-28 | N/A | 5.5 MEDIUM |
| Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | |||||
| CVE-2023-37879 | 1 Wftpserver | 1 Wing Ftp Server | 2024-02-28 | N/A | 7.5 HIGH |
| Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects Wing FTP Server: <= 7.2.0. | |||||
| CVE-2023-0580 | 1 Abb | 1 My Control System | 2024-02-28 | N/A | 9.8 CRITICAL |
| Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. | |||||
| CVE-2022-44619 | 1 Intel | 1 Data Center Manager | 2024-02-28 | N/A | 7.8 HIGH |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22687 | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup | 2024-02-28 | N/A | 7.5 HIGH |
| Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | |||||
| CVE-2023-31150 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
| CVE-2023-2665 | 1 Rosariosis | 1 Rosariosis | 2024-02-28 | N/A | 7.5 HIGH |
| Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | |||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2024-02-28 | N/A | 2.4 LOW |
| Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | |||||
| CVE-2022-43877 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | N/A | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | |||||
| CVE-2022-43475 | 1 Intel | 1 Data Center Manager | 2024-02-28 | N/A | 7.8 HIGH |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2024-02-28 | N/A | 5.3 MEDIUM |
| Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | |||||