Vulnerabilities > Insecure Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2022-06-07 CVE-2022-30740 Insecure Storage of Sensitive Information vulnerability in Samsung Internet
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
local
low complexity
samsung CWE-922
2.1
2022-06-02 CVE-2021-43512 Insecure Storage of Sensitive Information vulnerability in Flightradar24 Flight Tracker
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.
local
low complexity
flightradar24 CWE-922
2.1
2022-05-12 CVE-2022-1044 Insecure Storage of Sensitive Information vulnerability in Trudesk Project Trudesk
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.
4.3
2022-05-03 CVE-2021-46440 Insecure Storage of Sensitive Information vulnerability in Strapi
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.
network
low complexity
strapi CWE-922
5.0
2022-04-27 CVE-2021-25266 Insecure Storage of Sensitive Information vulnerability in Sophos Authenticator and Intercept X
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
local
low complexity
sophos CWE-922
2.1
2022-04-14 CVE-2022-1257 Insecure Storage of Sensitive Information vulnerability in Mcafee Agent
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
local
low complexity
mcafee CWE-922
2.1
2022-03-23 CVE-2021-27456 Insecure Storage of Sensitive Information vulnerability in Phillips products
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
local
low complexity
phillips CWE-922
2.1
2022-03-09 CVE-2022-0881 Insecure Storage of Sensitive Information vulnerability in Framasoft Peertube
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
network
low complexity
framasoft CWE-922
4.0
2022-02-25 CVE-2022-25264 Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
network
low complexity
jetbrains CWE-922
5.0
2022-02-23 CVE-2022-0724 Insecure Storage of Sensitive Information vulnerability in Microweber
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
network
low complexity
microweber CWE-922
4.0