Vulnerabilities (CVE)

Filtered by CWE-922
Total 201 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20391 1 Ibm 1 Qradar User Behavior Analytics 2024-02-28 2.1 LOW 3.3 LOW
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.
CVE-2021-22914 1 Citrix 1 Cloud Connector 2024-02-28 5.0 MEDIUM 7.5 HIGH
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
CVE-2020-28911 1 Nagios 1 Fusion 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
CVE-2021-25404 1 Samsung 2 Smartthings, Smartthings Firmware 2024-02-28 2.1 LOW 3.3 LOW
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
CVE-2020-5008 1 Ibm 1 Datapower Gateway 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033.
CVE-2020-4765 1 Ibm 1 Cloud Pak For Multicloud Management 2024-02-28 2.1 LOW 3.3 LOW
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.
CVE-2021-36786 1 Miniorange 1 Saml 2024-02-28 5.0 MEDIUM 7.5 HIGH
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
CVE-2021-25402 1 Samsung 1 Notes 2024-02-28 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
CVE-2021-28815 1 Qnap 4 Myqnapcloud Link, Qts, Quts Hero and 1 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
CVE-2021-0639 1 Google 1 Android 2024-02-28 2.1 LOW 5.5 MEDIUM
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551
CVE-2021-20575 1 Ibm 2 Application Gateway, Security Verify Access 2024-02-28 2.1 LOW 3.3 LOW
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
CVE-2020-4673 1 Ibm 1 Workload Automation 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.
CVE-2020-26104 1 Cpanel 1 Cpanel 2024-02-28 5.0 MEDIUM 7.5 HIGH
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
CVE-2020-4650 1 Ibm 1 Maximo Spatial Asset Management 2024-02-28 2.1 LOW 3.3 LOW
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.
CVE-2020-29603 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
CVE-2019-19557 1 Harman 1 Hermes 2024-02-28 2.1 LOW 2.4 LOW
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.
CVE-2019-8790 1 Apple 1 Swift 2024-02-28 2.1 LOW 5.5 MEDIUM
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
CVE-2020-13937 1 Apache 1 Kylin 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
CVE-2020-4315 1 Ibm 1 Business Automation Content Analyzer On Cloud 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234.
CVE-2020-4886 1 Ibm 1 Infosphere Information Server 2024-02-28 2.1 LOW 3.3 LOW
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.