Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.

Visual Studio Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access.

Windows Kernel Information Disclosure Vulnerability

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.

The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814.

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.

Windows iSCSI Target Service Information Disclosure Vulnerability

The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814.

The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability".

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

HTTP.sys Information Disclosure Vulnerability

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Event Tracing for Windows Information Disclosure Vulnerability

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Windows Cryptographic Information Disclosure Vulnerability

Windows Cryptographic Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

Windows (modem.sys) Information Disclosure Vulnerability

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Azure Active Directory Pod Identity Spoofing Vulnerability

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

TPM Device Driver Information Disclosure Vulnerability

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key

Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

PFX Encryption Security Feature Bypass Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Bot Framework SDK Information Disclosure Vulnerability

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.