Vulnerabilities > Improper Cross-boundary Removal of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-41156 Improper Cross-boundary Removal of Sensitive Data vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware
Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats.
network
low complexity
hitachienergy CWE-212
2.7
2024-10-21 CVE-2024-49997 Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure.
network
low complexity
linux CWE-212
7.5
2024-09-10 CVE-2024-7698 Improper Cross-boundary Removal of Sensitive Data vulnerability in Phoenixcontact products
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
network
low complexity
phoenixcontact CWE-212
5.7
2023-12-22 CVE-2023-48308 Improper Cross-boundary Removal of Sensitive Data vulnerability in Nextcloud Calendar
Nextcloud/Cloud is a calendar app for Nextcloud.
network
low complexity
nextcloud CWE-212
6.5
2023-12-18 CVE-2023-41967 Improper Cross-boundary Removal of Sensitive Data vulnerability in Gallagher Controller 6000 Firmware
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.
low complexity
gallagher CWE-212
4.6
2023-05-31 CVE-2023-3006 Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel 6.1
A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne.
local
low complexity
linux CWE-212
5.5
2023-03-27 CVE-2023-1637 Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel 5.18
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM.
local
low complexity
linux CWE-212
5.5
2023-01-03 CVE-2022-3460 Improper Cross-boundary Removal of Sensitive Data vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
network
low complexity
octopus CWE-212
7.5
2022-11-10 CVE-2022-39393 Improper Cross-boundary Removal of Sensitive Data vulnerability in Bytecodealliance Wasmtime
Wasmtime is a standalone runtime for WebAssembly.
network
low complexity
bytecodealliance CWE-212
8.6
2022-08-26 CVE-2022-0171 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux redhat debian CWE-212
5.5