CWE:
 

Title
Date
Author
Low
Polar Flow Android 5.7.1 Secret Disclosure
20.08.2022
Karima Hebbal
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


Common Weakness Enumeration (CWE)

CVE
Details
Description
2023-10-16
Waiting for details
CVE-2023-45151

 

 
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.

 
2023-10-10
Waiting for details
CVE-2023-41964

 

 
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

 
2023-09-27
Waiting for details
CVE-2023-41335

 

 
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities (it already learns the users' passwords as part of the authentication process), it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.

 
2023-08-17
Waiting for details
CVE-2023-4392

 

 
A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237380. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2023-07-20
Waiting for details
CVE-2023-32455

 

 
Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

 
Waiting for details
CVE-2023-32447

 

 
Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

 
Waiting for details
CVE-2023-32446

 

 
Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

 
Waiting for details
CVE-2023-32483

 

 
Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.

 
2023-07-13
Waiting for details
CVE-2023-37468

 

 
Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP user's password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the CAS login are not affected. This issue has been patched in version 1.19.2.

 
2023-06-12
Waiting for details
CVE-2023-1897

 

 
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user's browser, which could allow an attacker with access to the user's computer to gain credential information of the controller.

 

 


Copyright 2023, cxsecurity.com

 
