Medium
CVE-2023-21334
In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional executi…
Tag: Information Disclosure
All CVEs associated with "Information Disclosure". Page 26/75 • 8949 CVEs.
Subscribe CVEs: RSS for “Information Disclosure” · RSS (High+Critical only)
About “Information Disclosure”
A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2023-10-30
Medium
CVE-2023-21333
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclos…
Medium
CVE-2023-21332
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclos…
Medium
CVE-2023-21331
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosur…
Medium
CVE-2023-21330
In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information discl…
Medium
CVE-2023-21329
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution p…
Medium
CVE-2023-21327
In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information di…
Medium
CVE-2023-21326
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informati…
Medium
CVE-2023-21325
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure w…
High
CVE-2023-21324
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of p…
Medium
CVE-2023-21323
In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disc…
Medium
CVE-2023-21321
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges neede…
Medium
CVE-2023-21320
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure w…
Medium
CVE-2023-21319
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution…
Medium
CVE-2023-21318
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure wi…
Medium
CVE-2023-21317
In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclo…
Medium
CVE-2023-21316
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure wi…
Medium
CVE-2023-21315
In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed…
Medium
CVE-2023-21314
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not ne…
Medium
CVE-2023-21312
In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction…
Medium
CVE-2023-21311
In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution pr…
Medium
CVE-2023-21309
In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is n…
Medium
CVE-2023-21307
In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure…
Medium
CVE-2023-21306
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional exec…
Medium
CVE-2023-21305
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure wi…
Medium
CVE-2023-21304
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information discl…
Medium
CVE-2023-21303
In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure wit…
Medium
CVE-2023-21302
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information discl…
Medium
CVE-2023-21301
In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation…
Medium
CVE-2023-21300
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclo…
Medium
CVE-2023-21299
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information discl…
High
CVE-2023-21298
In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges…
Medium
CVE-2023-21297
In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User inter…
Medium
CVE-2023-21296
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privileg…
Medium
CVE-2023-21295
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution p…
Medium
CVE-2023-21294
In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User…
Medium
CVE-2023-21293
In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation o…
Medium
CVE-2022-20264
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information di…
2023-10-29
Medium
CVE-2023-43041
IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability i…
2023-10-27
Medium
CVE-2023-40139
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges neede…
Low
CVE-2023-40138
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges neede…
Low
CVE-2023-40137
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional executio…
Low
CVE-2023-40136
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privile…
Low
CVE-2023-40135
In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution…
Low
CVE-2023-40134
In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges…
Medium
CVE-2023-40133
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional executio…
Low
CVE-2023-40127
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User int…
Medium
CVE-2023-40123
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional exe…
Medium
CVE-2023-40121
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed…
High
CVE-2022-3611
An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applic…
High
CVE-2023-46376
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.
2023-10-26
High
CVE-2023-33558
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.
High
CVE-2023-46662
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted req…
2023-10-25
Medium
CVE-2023-34056
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Medium
CVE-2022-38485
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read f…
2023-10-22
Medium
CVE-2023-38276
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.
Medium
CVE-2023-38275
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.
2023-10-20
Medium
CVE-2023-5070
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. T…
Medium
CVE-2023-4796
The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the informa…
Medium
CVE-2023-4668
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated att…
High
CVE-2023-5576
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext…
2023-10-19
Medium
CVE-2023-5254
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated at…
Medium
CVE-2023-4645
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract se…
2023-10-18
High
CVE-2023-4601
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an att…
High
CVE-2023-35663
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileg…
High
CVE-2023-35656
In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional ex…
2023-10-17
Medium
CVE-2023-45357
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a…
Medium
CVE-2012-10016
A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php…
2023-10-16
Medium
CVE-2023-4457
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerabili…
2023-10-14
Medium
CVE-2022-32755
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive inf…
Low
CVE-2023-5579
A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The…
High
CVE-2023-45674
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbit…
2023-10-13
High
CVE-2023-32974
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expos…
High
CVE-2023-4499
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releas…
High
CVE-2023-29464
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size…
High
CVE-2023-38218
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can…
2023-10-12
Medium
CVE-2023-32275
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive i…
Medium
CVE-2023-31192
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. A…
2023-10-11
High
CVE-2023-35661
In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional executi…
Medium
CVE-2023-35653
In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User intera…
High
CVE-2023-35652
In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with ba…
Critical
CVE-2023-35648
In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with ba…
Critical
CVE-2023-35647
In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with ba…
2023-10-10
Medium
CVE-2023-36724
Windows Power Management Service Information Disclosure Vulnerability
Medium
CVE-2023-36722
Active Directory Domain Services Information Disclosure Vulnerability
Medium
CVE-2023-36713
Windows Common Log File System Driver Information Disclosure Vulnerability
Medium
CVE-2023-36706
Windows Deployment Services Information Disclosure Vulnerability
High
CVE-2023-36596
Remote Procedure Call Information Disclosure Vulnerability
Medium
CVE-2023-36576
Windows Kernel Information Disclosure Vulnerability
High
CVE-2023-36567
Windows Deployment Services Information Disclosure Vulnerability
Medium
CVE-2023-36563
Microsoft WordPad Information Disclosure Vulnerability
High
CVE-2023-36438
Windows TCP/IP Information Disclosure Vulnerability
Medium
CVE-2023-36433
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Medium
CVE-2023-36429
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
High
CVE-2023-29348
Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability
High
CVE-2023-5499
Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could…
Critical
CVE-2023-4966
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Medium
CVE-2023-41365
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure.…
2023-10-09
Low
CVE-2023-39194
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw…
Medium
CVE-2023-39193
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an ou…
Medium
CVE-2023-39192
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-…
Medium
CVE-2023-39189
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_N…
Critical
CVE-2023-5365
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.
High
CVE-2023-45247
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acro…
High
CVE-2023-45349
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V1…
2023-10-08
Medium
CVE-2023-40650
In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40649
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40648
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40647
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40646
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40645
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40644
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40643
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40642
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40641
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Medium
CVE-2023-40640
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
Medium
CVE-2023-40639
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
Medium
CVE-2023-40637
In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
Medium
CVE-2023-40636
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privil…
Medium
CVE-2023-40633
In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed