CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 46/75 • 8949 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2021-05-10
High

CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2021-25848

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop co…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2021-25847

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop c…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2021-05-07
Medium

CVE-2020-36127

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the c…

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
2021-05-05
High

CVE-2020-5013

IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information…

CVSS: 8.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2021-05-04
High

CVE-2021-21551

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user acc…

CVSS: 8.8 CWE: CWE-782 - Exposed IOCTL with Insufficient Access Control View on NVD
2021-04-30
High

CVE-2021-21530

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerabi…

CVSS: 8.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2021-21537

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive infor…

CVSS: 6.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-21536

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in…

CVSS: 6.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-21534

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive informatio…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-04-29
High

CVE-2021-1086

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or…

CVSS: 7.1 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2021-1085

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been…

CVSS: 7.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-1084

NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure,…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-1083

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosur…

CVSS: 7.8 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2021-1082

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or deni…

CVSS: 7.8 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2021-1081

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosur…

CVSS: 7.8 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2021-1080

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or d…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-21997

Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information res…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2020-21990

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2021-04-27
High

CVE-2021-30638

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incompl…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2021-31671

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connec…

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2021-04-23
High

CVE-2021-31780

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event…

CVSS: 7.5 CWE: CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer View on NVD
Low

CVE-2020-36319

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestC…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-04-22
Medium

CVE-2021-0256

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of…

CVSS: 5.5 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
Medium

CVE-2021-28168

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of t…

CVSS: 6.2 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
2021-04-21
Medium

CVE-2021-1076

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of servic…

CVSS: 6.6 CWE: N/A View on NVD
High

CVE-2021-1074

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. T…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2021-20454

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to e…

CVSS: 8.2 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2021-04-20
High

CVE-2021-20453

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose…

CVSS: 8.2 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Low

CVE-2021-3037

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged…

CVSS: 2.3 CWE: CWE-534 View on NVD
Medium

CVE-2021-3036

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the AP…

CVSS: 4.4 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2021-04-19
High

CVE-2021-27027

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2021-04-15
Medium

CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remot…

CVSS: 4.3 CWE: N/A View on NVD
2021-04-13
High

CVE-2021-29427

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gra…

CVSS: 8.0 CWE: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere View on NVD
Medium

CVE-2021-28456

Microsoft Excel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-28446

Windows Portmapping Information Disclosure Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2021-28442

Windows TCP/IP Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-28441

Windows Hyper-V Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-28437

Windows Installer Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28435

Windows Event Tracing Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28328

Windows DNS Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-28325

Windows SMB Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-28324

Windows SMB Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-28323

Windows DNS Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-178 - Improper Handling of Case Sensitivity View on NVD
Medium

CVE-2021-28318

Windows GDI+ Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28317

Microsoft Windows Codecs Library Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28309

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-27093

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-27079

Windows Media Photo Codec Information Disclosure Vulnerability

CVSS: 5.7 CWE: N/A View on NVD
Medium

CVE-2021-27067

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-26417

Windows Overlay Filter Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-21482

SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful…

CVSS: 8.3 CWE: N/A View on NVD
Medium

CVE-2021-0471

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed.…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0444

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-0443

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2021-0436

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges n…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2021-0435

In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges n…

CVSS: 7.5 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2021-0431

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional executio…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0428

In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User exe…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2020-28590

An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2021-04-12
Medium

CVE-2021-29429

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable t…

CVSS: 4.0 CWE: CWE-377 - Insecure Temporary File View on NVD
Medium

CVE-2020-15942

An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to r…

CVSS: 4.3 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2021-04-08
High

CVE-2020-6590

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.

CVSS: 7.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2020-14099

On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a…

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2021-04-07
High

CVE-2020-11252

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer…

CVSS: 7.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
2021-04-02
Medium

CVE-2020-27946

An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojav…

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2021-30000

An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2021-03-30
High

CVE-2021-20502

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informati…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2021-20482

IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to ex…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2021-03-26
Medium

CVE-2021-22184

An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.

CVSS: 6.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2021-03-25
Low

CVE-2021-25350

Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.

CVSS: 2.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-03-23
High

CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs c…

CVSS: 7.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
Medium

CVE-2021-21376

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups t…

CVSS: 6.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-03-22
Medium

CVE-2021-26069

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in…

CVSS: 5.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2021-03-17
Medium

CVE-2020-11221

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosu…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2020-11199

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdr…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-03-16
High

CVE-2021-28295

Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2021-03-15
Medium

CVE-2020-27290

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's logs t…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-03-11
Medium

CVE-2021-27075

Azure Virtual Machine Information Disclosure Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2021-27052

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-26884

Windows Media Photo Codec Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-26869

Windows ActiveX Installer Service Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-26859

Microsoft Power BI Information Disclosure Vulnerability

CVSS: 7.7 CWE: N/A View on NVD
Medium

CVE-2021-24107

Windows Event Tracing Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
2021-03-10
Medium

CVE-2021-3034

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demist…

CVSS: 5.1 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2021-0463

In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execu…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0460

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User…

CVSS: 4.4 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2021-0459

In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0458

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User…

CVSS: 4.4 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2021-0453

In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User i…

CVSS: 4.4 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2021-0452

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User i…

CVSS: 4.4 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2021-0451

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User i…

CVSS: 4.4 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2021-0450

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User i…

CVSS: 4.4 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2021-0449

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User i…

CVSS: 4.4 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2021-0382

In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional exe…

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2021-0381

In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution p…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2021-0379

In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges n…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0394

In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional exe…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0378

In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0374

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execu…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-0368

In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. Us…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2021-3310

Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2021-03-09
Low

CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for re…

CVSS: 3.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-21361

The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in…

CVSS: 5.3 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2021-21360

Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information di…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-03-08
Medium

CVE-2021-21336

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability -…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-03-04
High

CVE-2019-18630

On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable c…

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
Medium

CVE-2019-18628

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to tu…

CVSS: 4.9 CWE: N/A View on NVD
2021-03-03
Low

CVE-2021-21331

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on…

CVSS: 3.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
Medium

CVE-2020-28591

An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2021-02-26
Medium

CVE-2021-0404

In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-0403

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is…

CVSS: 4.4 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.

CVSS: 9.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2019-18947

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.

CVSS: 3.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-02-25
Medium

CVE-2021-24114

Microsoft Teams iOS Information Disclosure Vulnerability

CVSS: 5.7 CWE: N/A View on NVD
Medium

CVE-2021-24106

Windows DirectX Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-24101

Microsoft Dataverse Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-24100

Microsoft Edge for Android Information Disclosure Vulnerability

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2021-24084

Windows Mobile Device Management Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2021-24079

Windows Backup Engine Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD