CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 31/75 • 8949 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-05-15
Medium

CVE-2023-20710

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-20709

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-20706

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20705

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-20704

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-20703

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20698

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20697

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-05-12
Medium

CVE-2022-47880

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleart…

CVSS: 5.3 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2023-05-11
Medium

CVE-2023-27554

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sens…

CVSS: 6.3 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2023-31445

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users…

CVSS: 5.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2023-05-10
High

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure.

CVSS: 7.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2023-28411

Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

CVSS: 6.3 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2023-25776

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

CVSS: 6.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-25175

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

CVSS: 6.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-24475

Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

CVSS: 6.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2023-23909

Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via…

CVSS: 2.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-23573

Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.4 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2023-22447

Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure…

CVSS: 2.0 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2023-22379

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-46279

Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2022-42878

Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosur…

CVSS: 2.8 CWE: CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference View on NVD
Medium

CVE-2022-41771

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via lo…

CVSS: 6.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2022-41646

Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

CVSS: 4.7 CWE: CWE-691 - Insufficient Control Flow Management View on NVD
Low

CVE-2022-41621

Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 3.3 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2022-40974

Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 1.8 CWE: CWE-459 - Incomplete Cleanup View on NVD
Medium

CVE-2022-40685

Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

CVSS: 6.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2022-38087

Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.1 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2022-37409

Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 4.7 CWE: CWE-691 - Insufficient Control Flow Management View on NVD
Medium

CVE-2022-37327

Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Boa…

CVSS: 6.1 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2022-32577

Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local acc…

CVSS: 3.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-31477

Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.0 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2022-21239

Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.6 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-05-09
High

CVE-2023-28127

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-26365

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-b…

CVSS: 8.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.

CVSS: 7.4 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2023-28290

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2023-24954

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2023-24945

Windows iSCSI Target Service Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-24944

Windows Bluetooth Driver Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2023-24901

Windows NFS Portmapper Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2023-24900

Windows NTLM Security Support Provider Information Disclosure Vulnerability

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-48371

In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-48370

In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-48242

In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
2023-05-03
High

CVE-2022-3405

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-30995

Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows,…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2023-05-02
High

CVE-2022-33273

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

CVSS: 7.3 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-40505

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
2023-05-01
Medium

CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informa…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-48186

A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.

CVSS: 6.2 CWE: CWE-295 - Improper Certificate Validation View on NVD
2023-04-29
High

CVE-2023-30441

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-For…

CVSS: 7.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2023-04-28
Medium

CVE-2023-1526

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2023-30853

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have ex…

CVSS: 7.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-2360

Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.

CVSS: 7.5 CWE: CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains View on NVD
2023-04-27
High

CVE-2023-28770

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attac…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-04-26
Medium

CVE-2023-28009

HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or…

CVSS: 6.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2023-28008

HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensi…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2023-04-24
Medium

CVE-2023-22918

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W…

CVSS: 6.5 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD
2023-04-22
Medium

CVE-2023-25514

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file.…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-25513

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file.…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-25512

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-25508

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which…

CVSS: 6.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, den…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2023-25506

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code…

CVSS: 7.5 CWE: CWE-788 - Access of Memory Location After End of Buffer View on NVD
High

CVE-2023-25505

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to den…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escal…

CVSS: 8.2 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2023-0206

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2023-0202

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerabi…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-0201

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service…

CVSS: 6.7 CWE: CWE-118 - Incorrect Access of Indexable Resource ('Range Error') View on NVD
High

CVE-2023-0200

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of pr…

CVSS: 7.5 CWE: CWE-788 - Access of Memory Location After End of Buffer View on NVD
High

CVE-2023-0184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and da…

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
2023-04-19
Medium

CVE-2023-21082

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local informat…

CVSS: 5.5 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
Medium

CVE-2023-21080

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileg…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20935

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20909

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution pri…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
2023-04-17
High

CVE-2023-27909

An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-04-16
Medium

CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the at…

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2023-04-15
High

CVE-2023-29207

XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code inclu…

CVSS: 8.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2023-29202

XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML…

CVSS: 9.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-04-14
Medium

CVE-2023-28091

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

CVSS: 5.5 CWE: N/A View on NVD
2023-04-13
Medium

CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2022-33297

Information disclosure due to buffer overread in Linux sensors

CVSS: 6.8 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-33295

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-33291

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-33287

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-33258

Information disclosure due to buffer over-read in modem while reading configuration parameters.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-33228

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-33222

Information disclosure due to buffer over-read while parsing DNS response packets in Modem.

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-25747

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-25737

Information disclosure in modem due to missing NULL check while reading packets received from local network

CVSS: 7.5 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
High

CVE-2022-25731

Information disclosure in modem due to buffer over-read while processing packets from DNS server

CVSS: 7.5 CWE: CWE-131 - Incorrect Calculation of Buffer Size View on NVD
High

CVE-2022-25730

Information disclosure in modem due to improper check of IP type while processing DNS server query

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2022-25726

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

CVSS: 8.2 CWE: CWE-126 - Buffer Over-read View on NVD
2023-04-12
Medium

CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially…

CVSS: 6.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2023-04-11
Medium

CVE-2023-28312

Azure Machine Learning Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-28277

Windows DNS Server Information Disclosure Vulnerability

CVSS: 4.9 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-28271

Windows Kernel Memory Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2023-28267

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2023-28266

Windows Common Log File System Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2023-28263

Visual Studio Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-170 - Improper Null Termination View on NVD
Medium

CVE-2023-28253

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2023-28247

Windows Network File System Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2023-24883

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2023-21729

Remote Procedure Call Runtime Information Disclosure Vulnerability

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to o…

CVSS: 6.8 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
2023-04-10
Medium

CVE-2023-1916

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, re…

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-04-08
Low

CVE-2013-10024

A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipu…

CVSS: 3.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-04-07
High

CVE-2023-27876

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2023-04-06
Medium

CVE-2023-20688

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20677

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20676

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20675

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20674

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20665

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed f…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20660

In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for…

CVSS: 4.4 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-04-05
Medium

CVE-2023-1710

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of in…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD