Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-07 | CVE-2022-27490 | Information Exposure vulnerability in Fortinet products A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | 6.5 |
2023-03-07 | CVE-2022-41329 | Information Exposure vulnerability in Fortinet Fortios and Fortiproxy An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests. | 5.3 |
2023-03-04 | CVE-2023-25819 | Information Exposure vulnerability in Discourse Discourse is an open source platform for community discussion. | 5.3 |
2023-02-27 | CVE-2023-27266 | Information Exposure vulnerability in Mattermost Server Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | 2.7 |
2023-02-16 | CVE-2023-22580 | Information Exposure vulnerability in Sequelizejs Sequelize Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. | 7.5 |
2023-02-14 | CVE-2023-0020 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. | 7.1 |
2023-02-10 | CVE-2022-46650 | Information Exposure vulnerability in Sierrawireless Aleos Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | 4.9 |
2023-01-26 | CVE-2023-0321 | Information Exposure vulnerability in Campbellsci products Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. | 9.1 |
2023-01-26 | CVE-2023-23613 | Information Exposure vulnerability in Amazon Opensearch OpenSearch is an open source distributed and RESTful search engine. | 6.5 |
2023-01-20 | CVE-2022-39193 | Information Exposure vulnerability in Mediawiki 1.39.0/1.39.1 An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. | 5.3 |