Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2021-40180 Information Exposure vulnerability in Tencent Wechat 8.0.10
In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.
network
low complexity
tencent CWE-200
7.5
2022-07-18 CVE-2022-30625 Information Exposure vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory.
network
low complexity
chcnav CWE-200
5.3
2022-07-14 CVE-2022-2401 Information Exposure vulnerability in Mattermost Server
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.
network
low complexity
mattermost CWE-200
6.5
2022-07-14 CVE-2021-39019 Information Exposure vulnerability in IBM Engineering Lifecycle Optimization Publishing
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user.
network
low complexity
ibm CWE-200
6.5
2022-07-14 CVE-2022-1662 Information Exposure vulnerability in Convert2Rhel Project Convert2Rhel 0.24/0.25
In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel.
local
low complexity
convert2rhel-project CWE-200
5.5
2022-07-12 CVE-2011-4916 Information Exposure vulnerability in Linux Kernel
Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.
local
low complexity
linux CWE-200
5.5
2022-07-12 CVE-2020-4159 Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0
IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.
network
low complexity
ibm CWE-200
7.5
2022-07-11 CVE-2022-29512 Information Exposure vulnerability in Cybozu Garoon
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
network
low complexity
cybozu CWE-200
6.5
2022-07-05 CVE-2022-33741 Information Exposure vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-200
7.1
2022-07-05 CVE-2022-33742 Information Exposure vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-200
7.1