About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

2020-03-12
High

CVE-2020-0861

An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to…

Medium

CVE-2020-0859

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

Medium

CVE-2020-0853

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerab…

Medium

CVE-2020-0820

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

High

CVE-2020-0813

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s compute…

Medium

CVE-2020-0775

An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the vic…

Medium

CVE-2020-0774

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

Medium

CVE-2020-0765

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Rem…

2020-03-11
High

CVE-2020-5958

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may…

High

CVE-2019-5134

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO P…

2020-03-10
Medium

CVE-2020-6178

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.

Medium

CVE-2020-0087

In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges neede…

High

CVE-2020-0062

In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interac…

Medium

CVE-2020-0057

In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges…

Medium

CVE-2020-0056

In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution priv…

Medium

CVE-2020-0055

In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional executi…

Medium

CVE-2020-0049

In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privilege…

Medium

CVE-2020-0048

In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges neede…

Medium

CVE-2020-0061

In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User…

Medium

CVE-2020-0060

In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges need…

Medium

CVE-2020-0059

In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no…

Medium

CVE-2020-0058

In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. U…

Medium

CVE-2020-0044

In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User i…

Medium

CVE-2020-0043

In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.…

Medium

CVE-2020-0042

In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution priv…

High

CVE-2020-0039

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution priv…

High

CVE-2020-0038

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution priv…

High

CVE-2020-0037

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution p…

Medium

CVE-2020-0035

In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privile…

High

CVE-2020-0034

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, wit…

Medium

CVE-2020-0031

In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local i…

Low

CVE-2020-0029

In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System executio…

High

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message.

Medium

CVE-2019-12434

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked…

Medium

CVE-2019-12432

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the…

2020-03-06
Medium

CVE-2020-10110

Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache head…

2020-03-04
High

CVE-2020-7130

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Po…

2020-02-27
Medium

CVE-2018-8878

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal n…

Medium

CVE-2018-8877

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal n…

Medium

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated…

2020-02-19
High

CVE-2020-3945

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize O…

2020-02-17
High

CVE-2020-1692

Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.

2020-02-14
Medium

CVE-2019-6194

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.

High

CVE-2019-6193

An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may cont…

High

CVE-2013-5687

RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure.

2020-02-13
High

CVE-2012-6091

Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability.

Medium

CVE-2019-14598

Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to po…

High

CVE-2020-3759

Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure.

High

CVE-2020-3755

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successf…

High

CVE-2020-3747

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successf…

High

CVE-2020-3744

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successf…

Medium

CVE-2020-0028

In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution…

Medium

CVE-2020-0023

In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosu…

Medium

CVE-2020-0020

In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosu…

Medium

CVE-2020-0018

In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. Us…

Medium

CVE-2020-0017

In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution…

High

CVE-2019-5322

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerabilit…

Medium

CVE-2018-3987

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces…

2020-02-12
Medium

CVE-2020-6190

Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installati…

Medium

CVE-2020-6189

Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would o…

High

CVE-2011-3901

Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.

Medium

CVE-2013-6681

Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability

2020-02-11
Medium

CVE-2020-0756

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would ha…

Medium

CVE-2020-0755

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would ha…

Medium

CVE-2020-0748

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would ha…

Medium

CVE-2020-0746

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

Medium

CVE-2020-0744

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted syst…

Medium

CVE-2020-0736

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.

Medium

CVE-2020-0728

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

Medium

CVE-2020-0717

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020…

Medium

CVE-2020-0716

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020…

Medium

CVE-2020-0714

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.

Medium

CVE-2020-0706

An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'.

Medium

CVE-2020-0705

An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to…

Medium

CVE-2020-0698

An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'.

Medium

CVE-2020-0677

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would ha…

Medium

CVE-2020-0676

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would ha…

Medium

CVE-2020-0675

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would ha…

Medium

CVE-2020-0658

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Infor…

2020-02-10
Medium

CVE-2012-5828

BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error

Medium

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause functi…

Medium

CVE-2020-7059

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function…

2020-02-07
Medium

CVE-2013-3636

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag

2020-02-06
Medium

CVE-2013-2683

Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.

Medium

CVE-2012-6341

An Information Disclosure vulnerability exists in the my config file in NETGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the co…

Medium

CVE-2019-20403

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

2020-02-05
Low

CVE-2019-15126

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper la…

Medium

CVE-2020-7974

GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

High

CVE-2020-7969

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

2020-02-04
High

CVE-2015-2802

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem…

High

CVE-2020-6059

An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which c…

Medium

CVE-2019-4562

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or br…

High

CVE-2013-2676

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.

Critical

CVE-2013-7055

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

High

CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

High

CVE-2011-3629

Joomla! core 1.7.1 allows information disclosure due to weak encryption

2020-02-03
High

CVE-2013-2674

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling o…

2020-01-31
Medium

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

2020-01-29
Medium

CVE-2020-3758

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive…

High

CVE-2020-3719

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information…

Medium

CVE-2020-3717

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information…

Medium

CVE-2020-3715

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive…

2020-01-28
High

CVE-2013-1602

An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.0…

Medium

CVE-2013-1601

An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists…

High

CVE-2019-4707

IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sen…

High

CVE-2020-1940

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates…

High

CVE-2019-5470

An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.

Medium

CVE-2019-5465

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.

High

CVE-2019-15583

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, th…

Medium

CVE-2019-15579

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project…

Medium

CVE-2019-15578

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be di…

Medium

CVE-2020-1932

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed pa…

Medium

CVE-2020-1928

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a s…

Medium

CVE-2020-0549

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Medium

CVE-2020-0548

Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

2020-01-26
High

CVE-2020-3142

A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the me…

2020-01-24
High

CVE-2013-1594

An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.

2020-01-23
Medium

CVE-2013-4176

mysecureshell 1.31: Local Information Disclosure Vulnerability

Medium

CVE-2019-19837

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

2020-01-21
Medium

CVE-2020-1788

Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another applicati…