CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 53/75 • 8949 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-05-15
High

CVE-2020-1808

Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P1…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2020-05-14
Medium

CVE-2020-0106

In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional executio…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2020-0104

In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0101

In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed.…

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2020-0100

In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additiona…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-0093

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privile…

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-0092

In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosur…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2020-4299

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.

CVSS: 4.3 CWE: N/A View on NVD
2020-05-13
Medium

CVE-2020-12700

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2020-05-12
High

CVE-2020-6252

Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information…

CVSS: 8.0 CWE: N/A View on NVD
Medium

CVE-2020-6250

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password lead…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2020-8151

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak inf…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-05-07
High

CVE-2015-7946

Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dial…

CVSS: 7.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2019-18865

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.

CVSS: 5.3 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
2020-05-06
Medium

CVE-2020-4092

"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the settin…

CVSS: 5.3 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2020-05-04
High

CVE-2020-5331

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious…

CVSS: 8.8 CWE: CWE-598 - Use of HTTP Request With Sensitive Query String View on NVD
Medium

CVE-2020-10618

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authoriz…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2020-11842

Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenti…

CVSS: 7.5 CWE: N/A View on NVD
2020-04-27
High

CVE-2020-1806

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters recei…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-1805

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters recei…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-1804

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters recei…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2020-04-24
High

CVE-2020-12070

The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-se…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2020-11013

Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the…

CVSS: 8.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2020-7131

This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerabili…

CVSS: 9.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
2020-04-21
Low

CVE-2020-5301

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to ide…

CVSS: 3.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2020-1699

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated a…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-04-20
Medium

CVE-2020-9070

Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user…

CVSS: 5.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2020-1803

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosur…

CVSS: 5.3 CWE: CWE-287 - Improper Authentication View on NVD
2020-04-17
Medium

CVE-2020-0077

In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileg…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-0075

In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-0068

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges nee…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-0067

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. U…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-2056

There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User int…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2019-20775

An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is L…

CVSS: 5.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2020-04-16
Medium

CVE-2019-10608

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad sessi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2019-10523

Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapd…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-04-15
High

CVE-2020-1018

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2020-1016

An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory, aka 'Windows Push Notification Service Information Disclosure Vulnerabi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-1007

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-1005

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerabili…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0987

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerabili…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-0982

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerabili…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0962

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0955

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0952

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-0947

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0946

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0945

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0939

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0937

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0821

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0699

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020…

CVSS: 5.5 CWE: N/A View on NVD
2020-04-14
Critical

CVE-2020-6195

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to ga…

CVSS: 9.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2020-6237

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2020-6224

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace file…

CVSS: 6.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2020-6218

Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Infor…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2020-7801

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-04-10
Low

CVE-2020-9056

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript i…

CVSS: 3.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2020-5330

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77…

CVSS: 8.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2020-1801

There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, succ…

CVSS: 5.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2020-8832

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discover…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2019-7305

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-…

CVSS: 5.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-04-08
Medium

CVE-2020-1628

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, lea…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2020-1987

An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting log…

CVSS: 3.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-21076

An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The S…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-106…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-21069

An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-1…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-21067

An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018).

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2018-21043

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of loggi…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2020-11605

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (Apri…

CVSS: 7.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2018-21083

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2020-4164

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system…

CVSS: 2.7 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
High

CVE-2017-18643

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-04-07
High

CVE-2017-18688

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software. There is an information disclosure (of memory locations outside a buffer) via /dev/dsm_ctrl_dev. The Samsun…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2020-04-06
Medium

CVE-2020-11585

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in…

CVSS: 4.3 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
2020-04-01
Medium

CVE-2020-1958

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if…

CVSS: 6.5 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2020-03-30
Low

CVE-2020-9055

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stor…

CVSS: 3.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2020-8509

Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2020-03-25
Medium

CVE-2020-3791

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosur…

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-3782

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosur…

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-3781

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosur…

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-3778

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-3777

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosur…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-3771

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosur…

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-3769

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2020-3806

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-3804

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-3800

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-03-24
Low

CVE-2019-20625

An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2…

CVSS: 3.3 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Critical

CVE-2019-20596

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June…

CVSS: 9.1 CWE: N/A View on NVD
2020-03-19
High

CVE-2020-7006

Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availabi…

CVSS: 8.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2019-15656

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-03-15
High

CVE-2019-9474

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction i…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2019-9473

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction i…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-2088

In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-2058

In libAACdec, there is a possible out of bounds read. This could lead to remote information disclosure, with no additional execution privileges needed. User interaction is needed for exploitation.Pro…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2020-03-13
Medium

CVE-2019-18576

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files ma…

CVSS: 6.7 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2019-13194

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a spe…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2020-10090

GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2020-10087

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2020-10085

GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-10084

GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-10080

GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-10195

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.ph…

CVSS: 6.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2019-16157

An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-03-12
Medium

CVE-2020-0551

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The…

CVSS: 5.6 CWE: N/A View on NVD
Medium

CVE-2020-0550

Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products i…

CVSS: 5.6 CWE: N/A View on NVD
Medium

CVE-2020-0574

Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical a…

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2020-0505

Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially en…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2020-0503

Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0885

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2020-0882

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-0880

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-0879

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted syst…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-0876

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2020-0874

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted syst…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0871

An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vul…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-0863

An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Informat…

CVSS: 5.5 CWE: N/A View on NVD