CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 39/75 • 8950 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8950 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-05-10
Medium

CVE-2022-29123

Windows Clustered Shared Volume Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29122

Windows Clustered Shared Volume Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29120

Windows Clustered Shared Volume Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29116

Windows Kernel Information Disclosure Vulnerability

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-29114

Windows Print Spooler Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-29112

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29102

Windows Failover Cluster Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-26940

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26936

Windows Server Service Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26935

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26934

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26933

Windows NTFS Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-26930

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-26913

Windows Authentication Information Disclosure Vulnerability

CVSS: 7.4 CWE: N/A View on NVD
Medium

CVE-2022-22015

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-22011

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-20121

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privilege…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20119

In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privil…

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2022-20117

In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privi…

CVSS: 5.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
Medium

CVE-2022-20115

In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20011

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20010

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-20008

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that trigge…

CVSS: 4.6 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2021-39700

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution p…

CVSS: 5.5 CWE: N/A View on NVD
2022-05-09
Medium

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh pa…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2022-05-06
High

CVE-2022-23802

Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to…

CVSS: 7.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290…

CVSS: 5.5 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
Critical

CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data…

CVSS: 9.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-05-05
High

CVE-2022-29500

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-43547

TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result…

CVSS: 7.5 CWE: CWE-406 - Insufficient Control of Network Message Volume (Network Amplification) View on NVD
Medium

CVE-2021-38693

A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2021-38487

RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic…

CVSS: 8.2 CWE: CWE-406 - Insufficient Control of Network Message Volume (Network Amplification) View on NVD
Medium

CVE-2021-38429

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition…

CVSS: 6.6 CWE: CWE-406 - Insufficient Control of Network Message Volume (Network Amplification) View on NVD
High

CVE-2021-38425

eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in…

CVSS: 7.5 CWE: CWE-406 - Insufficient Control of Network Message Volume (Network Amplification) View on NVD
Medium

CVE-2021-39020

IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-05-04
High

CVE-2022-25787

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all…

CVSS: 7.5 CWE: CWE-598 - Use of HTTP Request With Sensitive Query String View on NVD
Medium

CVE-2022-25780

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-05-03
Medium

CVE-2022-20104

In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interact…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-20103

In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2022-20102

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction…

CVSS: 4.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20101

In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

CVSS: 5.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-20100

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction…

CVSS: 4.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20098

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction…

CVSS: 4.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-20097

In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-20096

In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed…

CVSS: 4.4 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2022-20092

In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-1331

In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized informa…

CVSS: 5.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-04-29
High

CVE-2022-1227

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability…

CVSS: 8.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2022-1114

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to Image…

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
2022-04-26
High

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2022-04-21
Medium

CVE-2022-23711

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the heal…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-04-20
Critical

CVE-2022-0567

A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluste…

CVSS: 9.1 CWE: CWE-20 - Improper Input Validation View on NVD
2022-04-19
Medium

CVE-2022-27863

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable b…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2021-26627

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay comman…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2022-04-18
High

CVE-2020-25163

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification,…

CVSS: 7.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2011-4917

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-04-15
Medium

CVE-2022-26920

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-26911

Skype for Business Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26907

Azure SDK for .NET Information Disclosure Vulnerability

CVSS: 5.3 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2022-26897

Azure Site Recovery Information Disclosure Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-26896

Azure Site Recovery Information Disclosure Vulnerability

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-26816

Windows DNS Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26785

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26783

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-24539

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2022-24498

Windows iSCSI Target Service Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-24493

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-24490

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2022-24483

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-27849

Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-04-14
High

CVE-2021-40402

An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specia…

CVSS: 7.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2021-40400

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2021-40392

An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sn…

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2022-04-13
Medium

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may lea…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-0221

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with S…

CVSS: 5.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-04-12
High

CVE-2022-22559

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for info…

CVSS: 7.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
Medium

CVE-2022-27671

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

CVSS: 6.5 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
High

CVE-2022-27667

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restrict…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2022-21168

The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.

CVSS: 3.3 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
High

CVE-2021-39809

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution pr…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-39805

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional ex…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-39803

In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User i…

CVSS: 6.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2021-39800

In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
2022-04-11
Medium

CVE-2022-27822

Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.

CVSS: 6.6 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2022-27576

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2022-27575

Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-25794

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure.…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-20081

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User in…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2022-20079

In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is…

CVSS: 4.4 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2022-20076

In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not need…

CVSS: 4.4 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2022-20066

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User intera…

CVSS: 4.4 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2022-20065

In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed…

CVSS: 6.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-20064

In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not…

CVSS: 6.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-1252

Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms lea…

CVSS: 8.2 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2022-04-09
Medium

CVE-2022-28365

Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with…

CVSS: 5.3 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
2022-04-08
Medium

CVE-2022-24428

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially…

CVSS: 6.3 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2022-04-07
Medium

CVE-2022-25594

Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration informati…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-04-01
Critical

CVE-2022-27177

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2

CVSS: 9.8 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2022-03-30
Medium

CVE-2021-39791

In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informati…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39788

In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local inform…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
High

CVE-2021-39781

In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges need…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-39779

In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed.…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2021-39778

In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no add…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-39777

In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no a…

CVSS: 5.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2021-39775

In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure wit…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39773

In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39770

In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges nee…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2021-39769

In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2021-39766

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure w…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39765

In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for e…

CVSS: 5.5 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
High

CVE-2021-39762

In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2021-39761

In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39760

In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosu…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39757

In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-39756

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39755

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local i…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39754

In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosur…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2021-39753

In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no addition…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2021-39751

In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional ex…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD