Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-15 | CVE-2022-42132 | Information Exposure vulnerability in Liferay Digital Experience Platform 7.0/7.1/7.2 The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. | 5.9 |
2022-11-02 | CVE-2022-33878 | Information Exposure vulnerability in Fortinet Forticlient An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal. | 5.5 |
2022-11-02 | CVE-2022-35842 | Information Exposure vulnerability in Fortinet Fortios An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS. | 7.5 |
2022-10-25 | CVE-2022-27912 | Information Exposure vulnerability in Joomla Joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.3. | 5.3 |
2022-10-17 | CVE-2020-8975 | Information Exposure vulnerability in Zigor ZGR Tps200 NG Firmware 2.00 ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system. | 7.5 |
2022-10-11 | CVE-2022-35296 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | 4.9 |
2022-10-07 | CVE-2022-39848 | Information Exposure vulnerability in Google Android 10.0/11.0/12.0 Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. | 3.3 |
2022-09-30 | CVE-2022-32540 | Information Exposure vulnerability in Bosch products Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. | 5.9 |
2022-09-23 | CVE-2022-32219 | Information Exposure vulnerability in Rocket.Chat An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint to get a query parameter from JSON and run Users.find(queryFromClientSide). | 4.3 |
2022-09-12 | CVE-2022-31221 | Information Exposure vulnerability in Dell products Dell BIOS versions contain an Information Exposure vulnerability. | 2.3 |