Vulnerabilities > Insecure Storage of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-45374 | Insecure Storage of Sensitive Information vulnerability in Gotenna The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. | 6.5 |
| 2024-09-26 | CVE-2024-47122 | Insecure Storage of Sensitive Information vulnerability in Gotenna PRO In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). | 6.5 |
| 2024-09-26 | CVE-2024-47197 | Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1 Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. | 7.5 |
| 2024-07-19 | CVE-2024-6916 | Insecure Storage of Sensitive Information vulnerability in Zowe CLI A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag. | 5.5 |
| 2024-06-06 | CVE-2024-5206 | Insecure Storage of Sensitive Information vulnerability in Scikit-Learn A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. | 4.7 |
| 2024-02-06 | CVE-2024-22773 | Insecure Storage of Sensitive Information vulnerability in Intelbras Action RF 1200 Firmware 1.2.2 Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | 8.1 |
| 2024-01-03 | CVE-2023-5879 | Insecure Storage of Sensitive Information vulnerability in Geniecompany Aladdin Connect 5.65 Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. | 6.8 |
| 2023-12-14 | CVE-2023-45184 | Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. | 7.5 |
| 2023-11-22 | CVE-2023-6253 | Insecure Storage of Sensitive Information vulnerability in Fortra Digital Guardian Agent A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | 6.0 |
| 2023-09-18 | CVE-2023-41965 | Insecure Storage of Sensitive Information vulnerability in Socomec Modulys GP Firmware 01.12.10 Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. | 7.5 |