Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2023-03-07 CVE-2022-27490 Information Exposure vulnerability in Fortinet products
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
network
low complexity
fortinet CWE-200
6.5
2023-03-07 CVE-2022-41329 Information Exposure vulnerability in Fortinet Fortios and Fortiproxy
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.
network
low complexity
fortinet CWE-200
5.3
2023-03-04 CVE-2023-25819 Information Exposure vulnerability in Discourse
Discourse is an open source platform for community discussion.
network
low complexity
discourse CWE-200
5.3
2023-02-27 CVE-2023-27266 Information Exposure vulnerability in Mattermost Server
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
network
low complexity
mattermost CWE-200
2.7
2023-02-16 CVE-2023-22580 Information Exposure vulnerability in Sequelizejs Sequelize
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.
network
low complexity
sequelizejs CWE-200
7.5
2023-02-14 CVE-2023-0020 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap CWE-200
7.1
2023-02-10 CVE-2022-46650 Information Exposure vulnerability in Sierrawireless Aleos
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
network
low complexity
sierrawireless CWE-200
4.9
2023-01-26 CVE-2023-0321 Information Exposure vulnerability in Campbellsci products
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network.
network
low complexity
campbellsci CWE-200
critical
9.1
2023-01-26 CVE-2023-23613 Information Exposure vulnerability in Amazon Opensearch
OpenSearch is an open source distributed and RESTful search engine.
network
low complexity
amazon CWE-200
6.5
2023-01-20 CVE-2022-39193 Information Exposure vulnerability in Mediawiki 1.39.0/1.39.1
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x.
network
low complexity
mediawiki CWE-200
5.3