Vulnerabilities (CVE)

Filtered by CWE-922
Total 222 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0724 1 Microweber 1 Microweber 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
CVE-2021-43512 1 Flightradar24 1 Flightradar24 Flight Tracker 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.
CVE-2021-42371 1 Xorux 2 Lpar2rrd, Stor2rrd 2024-11-21 7.5 HIGH 9.8 CRITICAL
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
CVE-2021-36786 1 Miniorange 1 Saml 2024-11-21 5.0 MEDIUM 7.5 HIGH
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
CVE-2021-36546 1 Kitesky 1 Kitecms 2024-11-21 N/A 7.5 HIGH
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
CVE-2021-36127 1 Mediawiki 1 Mediawiki 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
CVE-2021-28815 1 Qnap 4 Myqnapcloud Link, Qts, Quts Hero and 1 more 2024-11-21 4.0 MEDIUM 6.0 MEDIUM
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
CVE-2021-28813 1 Qnap 6 Qgd-1600p, Qgd-1602p, Qgd-3014pt and 3 more 2024-11-21 5.0 MEDIUM 9.6 CRITICAL
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
CVE-2021-28653 1 Westerndigital 1 Armorlock 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
CVE-2021-27456 1 Phillips 22 Gemini 882160, Gemini 882160 Firmware, Gemini 882300 and 19 more 2024-11-21 2.1 LOW 2.4 LOW
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
CVE-2021-27170 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.
CVE-2021-25776 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-25524 1 Samsung 1 Contacts 2024-11-21 2.1 LOW 4.0 MEDIUM
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
CVE-2021-25523 1 Samsung 1 Dialer 2024-11-21 2.1 LOW 4.0 MEDIUM
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
CVE-2021-25522 1 Samsung 1 Smart Capture 2024-11-21 2.1 LOW 5.3 MEDIUM
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
CVE-2021-25404 1 Samsung 2 Smartthings, Smartthings Firmware 2024-11-21 2.1 LOW 3.3 LOW
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
CVE-2021-25402 1 Samsung 1 Notes 2024-11-21 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
CVE-2021-25266 1 Sophos 2 Authenticator, Intercept X 2024-11-21 2.1 LOW 3.9 LOW
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CVE-2021-22914 1 Citrix 1 Cloud Connector 2024-11-21 5.0 MEDIUM 7.5 HIGH
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
CVE-2021-20575 1 Ibm 2 Application Gateway, Security Verify Access 2024-11-21 2.1 LOW 3.3 LOW
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.