About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2023-07-13
Medium

CVE-2023-3362

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project…

Medium

CVE-2023-37563

ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are…

High

CVE-2023-35694

In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execu…

Medium

CVE-2023-21239

In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execu…

Medium

CVE-2023-21238

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges ne…

2023-07-12
Medium

CVE-2023-33902

In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33901

In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33900

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33899

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33898

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33895

In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33894

In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33893

In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33892

In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33891

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33890

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33889

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33888

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33887

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33886

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33885

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33884

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33883

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33882

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-33881

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Low

CVE-2023-33880

In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Low

CVE-2023-33879

In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-32789

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-32788

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30942

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30941

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30940

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30939

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30938

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30937

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30936

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30935

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30934

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30933

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30932

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30931

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30930

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30927

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30926

In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30925

In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30924

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30923

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30922

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30921

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30920

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30919

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30918

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Medium

CVE-2023-30913

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

2023-07-11
Medium

CVE-2023-36872

VP9 Video Extensions Information Disclosure Vulnerability

Medium

CVE-2023-36868

Azure Service Fabric on Windows Information Disclosure Vulnerability

Medium

CVE-2023-35341

Microsoft DirectMusic Information Disclosure Vulnerability

Medium

CVE-2023-35326

Windows CDP User Components Information Disclosure Vulnerability

High

CVE-2023-35325

Windows Print Spooler Information Disclosure Vulnerability

Medium

CVE-2023-35324

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Medium

CVE-2023-35316

Remote Procedure Call Runtime Information Disclosure Vulnerability

Medium

CVE-2023-35306

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Medium

CVE-2023-35296

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Medium

CVE-2023-33174

Windows Cryptographic Information Disclosure Vulnerability

Medium

CVE-2023-33162

Microsoft Excel Information Disclosure Vulnerability

Medium

CVE-2023-32085

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Medium

CVE-2023-32083

Microsoft Failover Cluster Information Disclosure Vulnerability

Medium

CVE-2023-32042

OLE Automation Information Disclosure Vulnerability

Medium

CVE-2023-32041

Windows Update Orchestrator Service Information Disclosure Vulnerability

Medium

CVE-2023-32040

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Medium

CVE-2023-32039

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Medium

CVE-2023-32037

Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability

High

CVE-2023-21526

Windows Netlogon Information Disclosure Vulnerability

Low

CVE-2023-34117

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.

Medium

CVE-2023-24881

Microsoft Teams Information Disclosure Vulnerability

Critical

CVE-2023-2746

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a…

Medium

CVE-2023-36919

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated…

High

CVE-2023-35871

The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KE…

2023-07-10
High

CVE-2023-34432

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

High

CVE-2023-34318

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

Medium

CVE-2023-29256

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features…

2023-07-07
Medium

CVE-2020-8934

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0. This is due to the lack of capability checks on the admin_enqueue…

2023-07-06
Medium

CVE-2023-3529

A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms o…

2023-07-04
Medium

CVE-2023-21624

Information disclosure in DSP Services while loading dynamic module.

Medium

CVE-2023-20748

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not need…

High

CVE-2023-25522

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of t…

High

CVE-2023-25521

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not perf…

High

CVE-2023-25517

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information…

High

CVE-2023-25516

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of…

2023-07-01
Medium

CVE-2021-42307

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

2023-06-28
Medium

CVE-2023-21237

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disc…

High

CVE-2023-21226

In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional exe…

High

CVE-2023-21224

In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional e…

High

CVE-2023-21223

In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional exe…

High

CVE-2023-21220

There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges need…

High

CVE-2023-21219

There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges need…

Medium

CVE-2023-21214

In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges…

Medium

CVE-2023-21213

In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System…

Medium

CVE-2023-21212

In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. Us…

Medium

CVE-2023-21211

In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interacti…

Medium

CVE-2023-21210

In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privi…

Medium

CVE-2023-21208

In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges n…

Medium

CVE-2023-21206

In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution priv…

Medium

CVE-2023-21205

In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution priv…

Medium

CVE-2023-21204

In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. Us…

Medium

CVE-2023-21202

In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with Syst…

Medium

CVE-2023-21200

In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution pri…

Medium

CVE-2023-21199

In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.…

Medium

CVE-2023-21198

In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileg…

High

CVE-2023-21197

In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution p…

Medium

CVE-2023-21196

In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the B…

Medium

CVE-2023-21195

In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the…

Medium

CVE-2023-21194

In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System executi…

High

CVE-2023-21193

In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction…

Medium

CVE-2023-21190

In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead…

Medium

CVE-2023-21188

In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges…

Medium

CVE-2023-21182

In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with Syst…

Medium

CVE-2023-21181

In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges…

High

CVE-2023-21180

In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges need…

Medium

CVE-2023-21178

In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User int…

Medium

CVE-2023-21177

In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local informatio…