Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2022-43959 Information Exposure vulnerability in Bitrix24 20.0.0/20.0.975/22.0.300
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
network
low complexity
bitrix24 CWE-200
4.9
2023-01-18 CVE-2022-45103 Information Exposure vulnerability in Dell products
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability.
network
low complexity
dell CWE-200
6.5
2023-01-05 CVE-2022-23546 Information Exposure vulnerability in Discourse
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information.
local
low complexity
discourse CWE-200
5.5
2023-01-04 CVE-2022-46081 Information Exposure vulnerability in Garmin Connect 4.61
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information.
network
low complexity
garmin CWE-200
7.5
2022-12-30 CVE-2022-42266 Information Exposure vulnerability in Nvidia Cloud Gaming and Virtual GPU
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.
local
low complexity
nvidia CWE-200
3.3
2022-12-22 CVE-2022-31746 Information Exposure vulnerability in Mozilla Firefox
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header.
network
low complexity
mozilla CWE-200
6.5
2022-12-22 CVE-2022-25948 Information Exposure vulnerability in Liquidjs
The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype.
network
low complexity
liquidjs CWE-200
5.3
2022-12-13 CVE-2022-46355 Information Exposure vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).
network
low complexity
siemens CWE-200
7.5
2022-12-08 CVE-2022-39904 Information Exposure vulnerability in Google Android 10.0/11.0/12.0
Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.
local
low complexity
google CWE-200
3.3
2022-11-23 CVE-2022-38113 Information Exposure vulnerability in Solarwinds Security Event Manager 2022.4
This vulnerability discloses build and services versions in the server response header.
network
low complexity
solarwinds CWE-200
5.3