Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability.

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S7-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R2-EVO.

Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information. File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. This affects the class  https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99  and was introduced by  https://issues.apache.org/jira/browse/STORM-3123 In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring is set to false, but its value is true by default. Moreover, the temporary file gets deleted soon after its creation. The solution is to use  Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...)  instead. We recommend that all users upgrade to the latest version of Apache Storm.

A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device.

App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.

An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'.

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.

An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472.

An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440.

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436.

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.

virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans.

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'.

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.

The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245.

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.

Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability through a software change to the OAEP decoding operations.