569 matches found
The vulnerability of hardware and software solutions for data storage and information processing in Dell PowerFlex Appliances, PowerFlex Rack, PowerFlex Custom Node, InsightIQ, and Data Lakehouse lies in the insecure storage of confidential information, allowing unauthorized access to protected data by attackers.
The vulnerabilities of hardware and software solutions for data storage and information processing in Dell PowerFlex Appliances, PowerFlex Rack, PowerFlex Custom Node, InsightIQ, and Data Lakehouse are related to the insecure storage of confidential information. Exploiting these vulnerabilities c...
CVE-2024-37144
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 for RCM 3.8.x train and prior to RCM 3.7.6.0 for RCM 3.7.x train, Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior...
Dell PowerFlex Security Vulnerability
Dell PowerFlex is a commercial software-defined storage product from Dell USA. A security vulnerability exists in Dell PowerFlex that originates from insecure storage of sensitive information. An attacker with elevated privileges and local access could exploit this vulnerability to cause...
CVE-2024-47043 Ruijie Reyee OS Insecure Storage of Sensitive Information
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server allows attackers to gain unauthorized access to protected information, thereby enabling them to compromise the security of these systems.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server relates to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the virtual learning environment Moodle, related to the insecure storage of confidential information, allows a perpetrator to gain access to confidential data.
The vulnerability in the virtual learning environment Moodle is related to the insecure storage of confidential information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...
Credential Exposure
github.com/rancher/rancher is vulnerable to Credential Exposure. The vulnerability is due to insecure storage of vSphere CPI and CSI credentials in plaintext within Rancher, which allows unauthorized access to sensitive information...
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance Authorization Issues Vulnerability
Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance are both products of Cisco Corporation. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect...
CVE-2024-20370
A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need...
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance Security Vulnerability
Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance are both products of Cisco Corporation. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect...
CVE-2024-45733
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration...
CVE-2024-45744 TopQuadrant TopBraid EDG password manager stores external credentials insecurely
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a...
CVE-2024-45374
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute-force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...
CVE-2024-47122 Insecure Storage of Sensitive Information in goTenna Pro
In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...
GHSA-2QQ7-FCH2-PHQF Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...
CVE-2024-47197
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...