Vulnerabilities (CVE)

Filtered by CWE-922
Total 201 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22687 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup 2024-02-28 N/A 7.5 HIGH
Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions.
CVE-2023-31150 1 Selinc 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more 2024-02-28 N/A 6.5 MEDIUM
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details.
CVE-2023-2665 1 Rosariosis 1 Rosariosis 2024-02-28 N/A 7.5 HIGH
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
CVE-2022-39043 1 Juiker 1 Juiker 2024-02-28 N/A 2.4 LOW
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.
CVE-2022-43877 1 Ibm 1 Urbancode Deploy 2024-02-28 N/A 5.5 MEDIUM
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.
CVE-2022-43475 1 Intel 1 Data Center Manager 2024-02-28 N/A 7.8 HIGH
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-3064 1 Mobatime 1 Amxgt 100 2024-02-28 N/A 5.3 MEDIUM
Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
CVE-2023-22469 1 Nextcloud 1 Deck 2024-02-28 N/A 3.5 LOW
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.
CVE-2022-40959 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 N/A 6.5 MEDIUM
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
CVE-2021-36546 1 Kitesky 1 Kitecms 2024-02-28 N/A 7.5 HIGH
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
CVE-2022-2815 1 Publify Project 1 Publify 2024-02-28 N/A 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
CVE-2022-41876 1 Ibexa 1 Ezplatform-graphql 2024-02-28 N/A 5.3 MEDIUM
ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer.
CVE-2022-37835 1 Torguard 1 Vpn 2024-02-28 N/A 7.5 HIGH
Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.
CVE-2022-41320 1 Veritas 1 System Recovery 2024-02-28 N/A 6.5 MEDIUM
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
CVE-2022-34354 2 Ibm, Linux 2 Partner Engagement Manager, Linux Kernel 2024-02-28 N/A 3.3 LOW
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.
CVE-2022-34312 1 Ibm 1 Cics Tx 2024-02-28 N/A 3.3 LOW
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.
CVE-2022-35513 1 Blink1 1 Blink1control2 2024-02-28 N/A 7.5 HIGH
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
CVE-2022-28170 1 Broadcom 1 Fabric Operating System 2024-02-28 N/A 6.5 MEDIUM
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
CVE-2022-0881 1 Framasoft 1 Peertube 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
CVE-2022-0724 1 Microweber 1 Microweber 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.