Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-12-17 | CVE-2021-44145 | Information Exposure vulnerability in Apache Nifi | In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. | 6.5 |
2021-12-17 | CVE-2021-45038 | Information Exposure vulnerability in Mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 5.3 |
2021-12-16 | CVE-2021-45095 | Information Exposure vulnerability in multiple products | pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | 5.5 |
2021-12-15 | CVE-2021-0983 | Information Exposure vulnerability in Google Android 12.1 | In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. | 3.3 |
2021-12-15 | CVE-2021-1023 | Information Exposure vulnerability in Google Android 12.0 | In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.0 |
2021-12-13 | CVE-2021-38901 | Information Exposure vulnerability in IBM Spectrum Protect Operations Center | IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. | 5.5 |
2021-12-13 | CVE-2021-39941 | Information Exposure vulnerability in Gitlab | An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members. | 5.3 |
2021-12-13 | CVE-2018-25022 | Information Exposure vulnerability in Toktok Toxcore | The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node. | 3.1 |
2021-12-10 | CVE-2021-37935 | Information Exposure vulnerability in Huntflow Enterprise | An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. | 7.5 |
2021-12-08 | CVE-2021-43536 | Information Exposure vulnerability in multiple products | Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. | 6.5 |