CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 44/75 • 8950 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8950 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2021-08-18
Medium

CVE-2021-20772

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.

CVSS: 4.3 CWE: N/A View on NVD
2021-08-17
Medium

CVE-2021-0642

In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information d…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2021-0641

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclo…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2021-0639

In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosu…

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2021-0584

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privilege…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0582

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges n…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0581

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges n…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0580

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges n…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0579

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges n…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0578

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges n…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2021-0519

In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privilege…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2021-08-16
High

CVE-2021-36278

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONS…

CVSS: 8.1 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Low

CVE-2021-21592

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized informa…

CVSS: 3.1 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2021-38712

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.

CVSS: 7.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
2021-08-13
High

CVE-2021-36793

The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HT…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-36791

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2020-18759

An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
High

CVE-2020-18754

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.

CVSS: 7.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2021-29880

IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force…

CVSS: 6.5 CWE: N/A View on NVD
Critical

CVE-2021-1104

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register n…

CVSS: 9.8 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
2021-08-12
Medium

CVE-2021-36938

Windows Cryptographic Primitives Library Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-36933

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2021-36932

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2021-36926

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-34532

ASP.NET Core and Visual Studio Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-34485

.NET Core and Visual Studio Information Disclosure Vulnerability

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2021-26433

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-26428

Azure Sphere Information Disclosure Vulnerability

CVSS: 4.4 CWE: N/A View on NVD
2021-08-11
Medium

CVE-2021-38590

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2021-1111

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited i…

CVSS: 6.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2021-1106

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconst…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2021-33794

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

CVSS: 9.1 CWE: N/A View on NVD
Medium

CVE-2021-0003

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local a…

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2021-0002

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial o…

CVSS: 7.1 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2021-08-10
High

CVE-2021-21601

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit…

CVSS: 8.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Low

CVE-2021-21598

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerabili…

CVSS: 3.9 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2021-21597

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read s…

CVSS: 7.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2021-08-09
High

CVE-2021-36276

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local…

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
Critical

CVE-2021-21596

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with…

CVSS: 9.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2021-21584

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially expl…

CVSS: 7.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-08-06
Medium

CVE-2020-21356

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.

CVSS: 5.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2021-38155

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features).…

CVSS: 7.5 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
2021-08-05
Medium

CVE-2021-21792

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) c…

CVSS: 5.5 CWE: CWE-782 - Exposed IOCTL with Insufficient Access Control View on NVD
Medium

CVE-2021-21791

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) c…

CVSS: 5.5 CWE: CWE-782 - Exposed IOCTL with Insufficient Access Control View on NVD
Medium

CVE-2021-21790

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) c…

CVSS: 5.5 CWE: CWE-782 - Exposed IOCTL with Insufficient Access Control View on NVD
Medium

CVE-2021-21785

An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure…

CVSS: 5.5 CWE: CWE-782 - Exposed IOCTL with Insufficient Access Control View on NVD
2021-08-03
Medium

CVE-2021-36157

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../..…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-08-02
High

CVE-2021-22446

There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2021-22384

There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2021-07-30
High

CVE-2020-10590

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (…

CVSS: 7.5 CWE: N/A View on NVD
2021-07-29
High

CVE-2021-21546

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentiall…

CVSS: 7.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2021-07-27
Critical

CVE-2021-20399

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerabilit…

CVSS: 9.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2021-07-22
Critical

CVE-2021-35522

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers t…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2021-35521

A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information discl…

CVSS: 5.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2021-35520

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of…

CVSS: 6.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2021-1094

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of se…

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2021-1089

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, an…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-07-21
Medium

CVE-2021-22770

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that inf…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-22728

A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), an…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-22721

A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), an…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2020-23283

Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force.

CVSS: 7.5 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
High

CVE-2021-1099

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack.…

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-1098

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2021-1097

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2021-07-20
High

CVE-2020-23284

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals inter…

CVSS: 7.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2021-07-19
Medium

CVE-2020-29503

Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information…

CVSS: 4.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-07-16
High

CVE-2019-3752

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) In…

CVSS: 8.2 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2021-34457

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-34454

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-34440

GDI+ Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-21817

An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive in…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-21816

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An atta…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-07-15
Medium

CVE-2021-34689

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Low

CVE-2021-34688

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log…

CVSS: 3.3 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2021-34687

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is tr…

CVSS: 5.3 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2021-07-14
Medium

CVE-2021-34519

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-34509

Storage Spaces Controller Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-34507

Windows Remote Assistance Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-34500

Windows Kernel Memory Information Disclosure Vulnerability

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2021-34496

Windows GDI Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-34491

Win32k Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-33783

Windows SMB Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-33766

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
Medium

CVE-2021-33764

Windows Key Distribution Center Information Disclosure Vulnerability

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2021-33763

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-33760

Media Foundation Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-0654

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2021-0604

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no a…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-0601

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. Us…

CVSS: 5.5 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2021-0599

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information dis…

CVSS: 5.5 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
Medium

CVE-2021-0597

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclo…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2021-0596

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0590

In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. T…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2021-0588

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution pr…

CVSS: 5.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2021-0518

In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User i…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical ac…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-33677

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.

CVSS: 7.5 CWE: N/A View on NVD
2021-07-12
Medium

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whethe…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-22917

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-22916

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS se…

CVSS: 5.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-07-09
Medium

CVE-2021-33214

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, o…

CVSS: 6.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-07-08
Low

CVE-2021-25432

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat d…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-07-07
Medium

CVE-2021-22233

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2021-06-30
Critical

CVE-2021-22354

There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-20107

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kin…

CVSS: 5.4 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2021-34381

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, wh…

CVSS: 6.7 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2021-34380

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and infor…

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-34378

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to informatio…

CVSS: 7.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2021-34377

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation…

CVSS: 7.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2021-34376

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of s…

CVSS: 7.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2021-34375

Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalatio…

CVSS: 7.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-34374

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escala…

CVSS: 7.7 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-34373

Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of…

CVSS: 7.9 CWE: CWE-787 - Out-of-bounds Write View on NVD
2021-06-29
High

CVE-2021-31530

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.

CVSS: 7.5 CWE: N/A View on NVD
2021-06-24
Medium

CVE-2021-25652

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow…

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-25649

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system fu…

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-06-22
Low

CVE-2021-34395

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited informati…

CVSS: 3.9 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2021-34394

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user t…

CVSS: 4.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2021-34393

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the dese…

CVSS: 4.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2021-34372

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation…

CVSS: 8.2 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD