Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23437

Summary
Assigner-Honor
Assigner Org ID-3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At-29 Dec, 2023 | 02:15
Updated At-29 Oct, 2024 | 19:13
Rejected At-
Credits

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Honor
Assigner Org ID:3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At:29 Dec, 2023 | 02:15
Updated At:29 Oct, 2024 | 19:13
Rejected At:
▼CVE Numbering Authority (CNA)

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak

Affected Products
Vendor
Honor Device Co., Ltd.Honor
Product
com.hihonor.vmall
Default Status
unaffected
Versions
Affected
  • From 2.3.1.303 before 2.3.3.300 (custom)
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hihonor.com/global/security/cve-2023-23437/
N/A
Hyperlink: https://www.hihonor.com/global/security/cve-2023-23437/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hihonor.com/global/security/cve-2023-23437/
x_transferred
Hyperlink: https://www.hihonor.com/global/security/cve-2023-23437/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-922CWE-922 Insecure Storage of Sensitive Information
Type: CWE
CWE ID: CWE-922
Description: CWE-922 Insecure Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At:29 Dec, 2023 | 03:15
Updated At:29 Oct, 2024 | 20:35

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Honor Device Co., Ltd.
hihonor
>>vmall>>Versions before 2.3.3.300(exclusive)
cpe:2.3:a:hihonor:vmall:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-922Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-922
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.hihonor.com/global/security/cve-2023-23437/3836d913-7555-4dd0-a509-f5667fdf5fe4
Vendor Advisory
Hyperlink: https://www.hihonor.com/global/security/cve-2023-23437/
Source: 3836d913-7555-4dd0-a509-f5667fdf5fe4
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

85Records found
CVE-2023-51433
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-2.9||LOW
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:47
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51429
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6||MEDIUM
EPSS-0.06% / 19.63%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:36
Updated-09 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_osMagic OS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51430
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 19.63%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:39
Updated-27 Nov, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51432
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.2||LOW
EPSS-0.08% / 23.62%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:45
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-8994
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:13
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8992
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.03% / 5.88%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:28
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-8993
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:18
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47150
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 12:16
Updated-05 Jun, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47154
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:39
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47155
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:47
Updated-05 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47156
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:02
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Leak Vulnerability in Honor Product

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagicOS
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-23440
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-3.3||LOW
EPSS-0.15% / 36.51%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:47
Updated-09 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-lge-an00lge-an00_firmwareLGE-AN00
CVE-2023-23434
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.53%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:05
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-honorboardappHonorBoardApp
CVE-2023-23439
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.04% / 12.65%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-lge-an00lge-an00_firmwareLGE-AN00
CVE-2023-23441
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:11
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23426
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 18.07%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:54
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-fri-an00_firmwarefri-an00FRI-AN00
CVE-2024-47153
Matching Score-8
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Honor Device Co., Ltd.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:31
Updated-05 Jun, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Action-Not Available
Vendor-honorHonor Device Co., Ltd.
Product-magicosMagic OS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-27232
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-21 Nov, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-0639
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 18:29
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23290
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.41%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-13 Feb, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacosiOS and iPadOSmacOStvOSwatchOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23205
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-13 Feb, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosiOS and iPadOSmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-21826
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.27%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Huks has an insecure storage of sensitive information vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-20462
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:16
Updated-31 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_191_firmwareata_192ata_191Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-12082
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-11 Dec, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-0037
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.02% / 2.96%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:08
Updated-03 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-6460
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.73%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 12:26
Updated-02 Aug, 2024 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information leak in nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

Action-Not Available
Vendor-Google LLC
Product-cloud_firestorenodejs-firestore
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-42878
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 06:41
Updated-03 Dec, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacoswatchoswatchOSmacOSiOS and iPadOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25402
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25404
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmartThings
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-40093
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.62%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:08
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25524
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-contactsContacts
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25523
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-dialerSamsungDialer
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25522
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_captureSamsung Capture
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-20575
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.63%
||
7 Day CHG~0.00%
Published-31 May, 2021 | 14:50
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.

Action-Not Available
Vendor-IBM Corporation
Product-application_gatewaysecurity_verify_accessSecurity Verify Access
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-20396
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.63%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:25
Updated-17 Sep, 2024 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.

Action-Not Available
Vendor-IBM Corporation
Product-security_qradar_analyst_workflowQRadar Analyst Workflow
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-21003
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-16 Jul, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-21098
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an insecure storage of sensitive information vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-2157
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 3.20%
||
7 Day CHG~0.00%
Published-15 Mar, 2025 | 06:35
Updated-21 May, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: disclosure of executed commands and outputs in foreman / red hat satellite

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Satellite ServerRed Hat Satellite 6
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-20391
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 11.63%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 16:15
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_user_behavior_analyticsQRadar SIEM
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2022-33973
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-29 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windows_10wlan_authentication_and_privacy_infrastructurewindows_11Intel(R) WAPI Security software for Windows 10/11
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-6916
Matching Score-4
Assigner-Zowe
ShareView Details
Matching Score-4
Assigner-Zowe
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.51%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 10:47
Updated-23 Aug, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zowe CLI --show-inputs-only displays securely stored properties

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag.

Action-Not Available
Vendor-zoweOpen Mainframe Project
Product-zowe_cliZowe CLI - Imperative
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2022-34354
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 16:25
Updated-25 Apr, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager information disclosure

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-partner_engagement_managerlinux_kernelPartner Engagement Manager
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-8482
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.51%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 21:33
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB Device Library Wizard Information Disclosure Vulnerability

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data

Action-Not Available
Vendor-ABB
Product-device_library_wizardABB Device Library Wizard
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54477
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 4.97%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-13 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54549
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.33%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-04 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2022-34312
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.03% / 7.50%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 17:49
Updated-30 Apr, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.

Action-Not Available
Vendor-IBM Corporation
Product-cics_txCICS TX
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54504
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.09%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-54541
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.59%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-watchosiphone_osmacostvosvisionosipadosmacOSiOS and iPadOStvOSvisionOSwatchOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-26427
Matching Score-4
Assigner-Open-Xchange
ShareView Details
Matching Score-4
Assigner-Open-Xchange
CVSS Score-3.2||LOW
EPSS-0.05% / 14.24%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 07:51
Updated-02 Aug, 2024 | 11:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.

Action-Not Available
Vendor-Open-Xchange AG
Product-open-xchange_appsuite_backendOX App Suite
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-44174
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.06%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-30 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
  • Previous
  • 1
  • 2
  • Next
Details not found