CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 36/75 • 8950 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8950 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-10-11
Medium

CVE-2022-41209

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure.…

CVSS: 5.2 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
High

CVE-2022-39802

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arb…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-35296

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privilege…

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-20418

In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges ne…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-20413

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges n…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-20410

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privi…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-20394

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to l…

CVSS: 5.0 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20351

In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privil…

CVSS: 5.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Low

CVE-2022-41043

Microsoft Office Information Disclosure Vulnerability

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2022-41042

Visual Studio Code Information Disclosure Vulnerability

CVSS: 7.4 CWE: N/A View on NVD
High

CVE-2022-38046

Web Account Manager Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-38043

Windows Security Support Provider Interface Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-38033

Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-38030

Windows USB Serial Driver Information Disclosure Vulnerability

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-38026

Windows DHCP Client Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-38025

Windows Distributed File System (DFS) Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-37996

Windows Kernel Memory Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-37985

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-37974

Windows Mixed Reality Developer Tools Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
2022-10-07
High

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured i…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2022-22480

IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.

CVSS: 7.5 CWE: N/A View on NVD
2022-09-30
Medium

CVE-2022-32540

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidenti…

CVSS: 5.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-09-28
Medium

CVE-2022-29089

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit…

CVSS: 6.4 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2022-09-24
Medium

CVE-2022-23464

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the conten…

CVSS: 4.3 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2022-09-23
Medium

CVE-2022-35249

A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-35247

A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unautho…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload UR…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-32849

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-32229

A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-32228

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB q…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-32220

An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of t…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-32219

An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This mean…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-32218

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-34348

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensi…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2022-40194

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-09-22
Medium

CVE-2022-35894

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specifi…

CVSS: 6.0 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2022-35896

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the Fv…

CVSS: 6.0 CWE: CWE-20 - Improper Input Validation View on NVD
2022-09-21
Low

CVE-2019-5641

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login p…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-09-20
High

CVE-2021-33081

Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 7.9 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2021-33079

Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.1 CWE: CWE-693 - Protection Mechanism Failure View on NVD
2022-09-19
High

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affec…

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-37348

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-37347

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2022-09-16
High

CVE-2021-46836

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2021-40024

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-25706

Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu…

CVSS: 8.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-25690

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer…

CVSS: 7.5 CWE: CWE-129 - Improper Validation of Array Index View on NVD
Medium

CVE-2022-25653

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile…

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2022-09-15
Medium

CVE-2022-36074

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. Th…

CVSS: 6.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-29240

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompress…

CVSS: 8.1 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
2022-09-13
Medium

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management whe…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-20399

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2022-20393

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with…

CVSS: 5.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2022-38006

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-35837

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-35831

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-34728

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-34723

Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-35294

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a sto…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2022-2990

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to…

CVSS: 7.1 CWE: CWE-842 - Placement of User into Incorrect Group View on NVD
High

CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to t…

CVSS: 7.1 CWE: CWE-842 - Placement of User into Incorrect Group View on NVD
2022-09-12
Low

CVE-2022-31221

Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on…

CVSS: 2.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-09-09
High

CVE-2022-28740

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.

CVSS: 7.5 CWE: N/A View on NVD
2022-09-08
High

CVE-2022-40281

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information dis…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
2022-09-06
High

CVE-2022-34867

Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0…

CVSS: 7.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-2462

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insuffici…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-26463

In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not neede…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-26462

In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not neede…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-26459

In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for…

CVSS: 4.4 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2022-26456

In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not n…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2022-34882

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hi…

CVSS: 9.0 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
2022-09-01
High

CVE-2022-36773

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s…

CVSS: 8.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-08-31
Medium

CVE-2022-26331

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS).…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2022-26330

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS).…

CVSS: 6.5 CWE: N/A View on NVD
2022-08-30
Medium

CVE-2022-33935

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-08-29
High

CVE-2022-0284

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2022-08-26
Medium

CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this fla…

CVSS: 5.5 CWE: CWE-909 - Missing Initialization of Resource View on NVD
2022-08-25
High

CVE-2021-42523

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec'…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2021-42522

There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()'…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-08-24
High

CVE-2021-0891

An unprivileged app can trigger PowerVR driver to return an uninitialized heap memory causing information disclosure.Product: AndroidVersions: Android SoCAndroid ID: A-236849490

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-0887

In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privilege…

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2021-0698

In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges n…

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
2022-08-23
Medium

CVE-2022-1989

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

CVSS: 5.3 CWE: CWE-204 - Observable Response Discrepancy View on NVD
High

CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. N…

CVSS: 7.4 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2022-08-22
High

CVE-2022-32778

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making th…

CVSS: 7.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making th…

CVSS: 7.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2022-32761

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrar…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2022-28710

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2022-32480

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated att…

CVSS: 4.3 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
Medium

CVE-2022-31238

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially expl…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2022-31237

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially…

CVSS: 3.3 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2022-34770

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alco…

CVSS: 4.6 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2022-08-19
Critical

CVE-2022-22489

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to e…

CVSS: 9.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-08-18
Medium

CVE-2022-30944

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Critical

CVE-2022-30601

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege vi…

CVSS: 9.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2022-30296

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network a…

CVSS: 7.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2022-29507

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2022-27500

Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2022-26373

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21240

Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-21233

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21152

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21140

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-44470

Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Low

CVE-2021-23188

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2021-23179

Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclos…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-30693

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-08-17
High

CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon.

CVSS: 7.5 CWE: N/A View on NVD
2022-08-16
Medium

CVE-2020-14379

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.

CVSS: 5.6 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-08-12
Medium

CVE-2021-29118

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure iss…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-29112

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure iss…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-35980

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure…

CVSS: 7.5 CWE: CWE-612 - Improper Authorization of Index Containing Sensitive Information View on NVD
Low

CVE-2022-20342

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges need…

CVSS: 3.3 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
Medium

CVE-2022-20341

In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2022-20340

In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no addit…

CVSS: 3.3 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2022-20339

In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no a…

CVSS: 3.3 CWE: N/A View on NVD
Low

CVE-2022-20336

In Settings, there is a possible installed application disclosure due to a missing permission check. This could lead to local information disclosure of applications allow-listed to use the network du…

CVSS: 3.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20332

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclo…

CVSS: 5.5 CWE: N/A View on NVD
Low

CVE-2022-20328

In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution pri…

CVSS: 3.3 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2022-20327

In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privile…

CVSS: 2.8 CWE: CWE-862 - Missing Authorization View on NVD