About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.
2023-11-30
High

CVE-2023-5247

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious…

2023-11-29
High

CVE-2022-42539

Information disclosure

2023-11-23
High

CVE-2023-4595

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuratio…

Medium

CVE-2023-43123

On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to informati…

2023-11-22
Medium

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated…

Medium

CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensi…

2023-11-20
Medium

CVE-2023-36013

PowerShell Information Disclosure Vulnerability

2023-11-17
High

CVE-2023-22275

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information di…

High

CVE-2023-22274

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthen…

High

CVE-2023-22272

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of th…

Medium

CVE-2023-22268

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information di…

2023-11-15
Medium

CVE-2023-4723

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthen…

Medium

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected M…

Low

CVE-2023-43588

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

High

CVE-2023-35080

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to variou…

2023-11-14
Medium

CVE-2023-39199

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

Medium

CVE-2023-40540

Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

Medium

CVE-2023-40220

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

Medium

CVE-2023-33872

Improper access control in the Intel Support Android application all versions may allow an authenticated user to potentially enable information disclosure via local access.

High

CVE-2023-32701

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

Medium

CVE-2023-32283

Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure…

High

CVE-2023-32279

Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure vi…

Low

CVE-2023-28723

Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via lo…

Low

CVE-2023-28404

Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via…

Medium

CVE-2023-27879

Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.

Medium

CVE-2023-25080

Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local…

Medium

CVE-2023-24588

Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via phy…

High

CVE-2023-23583

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosur…

Medium

CVE-2023-22327

Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access.

Low

CVE-2023-22313

Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access.

Low

CVE-2022-46647

Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Low

CVE-2022-46646

Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Low

CVE-2022-46299

Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Low

CVE-2022-45109

Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Low

CVE-2022-43666

Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local acces…

Low

CVE-2022-43477

Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Medium

CVE-2023-36428

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

Medium

CVE-2023-36406

Windows Hyper-V Information Disclosure Vulnerability

Medium

CVE-2023-36404

Windows Kernel Information Disclosure Vulnerability

Medium

CVE-2023-36398

Windows NTFS Information Disclosure Vulnerability

High

CVE-2023-36052

Azure CLI REST Command Information Disclosure Vulnerability

Medium

CVE-2023-36043

Open Management Infrastructure Information Disclosure Vulnerability

2023-11-13
Medium

CVE-2023-6101

A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the c…

Medium

CVE-2023-6100

A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipula…

2023-11-10
Medium

CVE-2023-6076

A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of th…

2023-11-08
High

CVE-2023-5079

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

Medium

CVE-2023-5136

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially cra…

2023-11-07
High

CVE-2021-43419

An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and may be higher in the logcat app.

Medium

CVE-2023-4272

A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

Medium

CVE-2023-42527

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.

Medium

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI interfaces.

Medium

CVE-2023-28568

Information disclosure in WLAN HAL when reception status handler is called.

Medium

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info command.

Medium

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI command.

Medium

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

Medium

CVE-2023-28553

Information Disclosure in WLAN Host when processing WMI event command.

Medium

CVE-2023-36409

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

2023-11-06
Low

CVE-2021-4430

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler.…

Medium

CVE-2023-32825

In Bluetooth service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User i…

2023-11-03
High

CVE-2023-39299

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a ne…

High

CVE-2023-45024

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.

High

CVE-2023-41260

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.

High

CVE-2023-41259

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.

2023-11-02
High

CVE-2023-31017

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vuln…

High

CVE-2023-31016

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of s…

Medium

CVE-2023-43087

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause informat…

2023-11-01
Medium

CVE-2023-42654

In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42652

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42651

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42650

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42649

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42648

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42647

In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution pr…

Medium

CVE-2023-42646

In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution pri…

Medium

CVE-2023-42644

In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42643

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42642

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42641

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42640

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42639

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42638

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42637

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42636

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42635

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42634

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42633

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42632

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Medium

CVE-2023-42631

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

2023-10-30
Medium

CVE-2023-40101

In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.…

Medium

CVE-2023-21395

In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User inte…

Medium

CVE-2023-21394

In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with…

Medium

CVE-2023-21387

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System e…

Medium

CVE-2023-21385

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no…

Medium

CVE-2023-21384

In Package Manager, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interac…

Medium

CVE-2023-21383

In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges…

Medium

CVE-2023-21382

In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure wi…

Medium

CVE-2023-21379

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. Us…

Medium

CVE-2023-21377

In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction…

Medium

CVE-2023-21376

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User inte…

Medium

CVE-2023-21368

In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…

Medium

CVE-2023-21367

In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution…

Medium

CVE-2023-21366

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional executi…

Medium

CVE-2023-21359

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. Us…

Medium

CVE-2023-21357

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed f…

Medium

CVE-2023-21354

In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informati…

High

CVE-2023-21353

In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not…

Medium

CVE-2023-21352

In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…

Medium

CVE-2023-21350

In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disc…

Low

CVE-2023-21349

In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information discl…

Low

CVE-2023-21348

In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclo…

High

CVE-2023-21347

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction i…

Low

CVE-2023-21346

In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local inform…

Low

CVE-2023-21345

In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information…

Medium

CVE-2023-21344

In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclos…

Medium

CVE-2023-21340

In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User inte…

Medium

CVE-2023-21338

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privil…

High

CVE-2023-21337

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privile…

Medium

CVE-2023-21336

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosu…

Medium

CVE-2023-21335

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure w…