Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
Windows Cryptographic Information Disclosure Vulnerability
Windows Cryptographic Information Disclosure Vulnerability
Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable information disclosure via local access.
Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Microsoft Windows Codecs Library Information Disclosure Vulnerability
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability
Windows Package Library Manager Information Disclosure Vulnerability
Security Center Broker Information Disclosure Vulnerability
Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.
Microsoft Office Information Disclosure Vulnerability
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
HTTP.sys Information Disclosure Vulnerability
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770.
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access.
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
Windows Kernel Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access.
Windows Graphics Component Information Disclosure Vulnerability
Windows Kernel-Mode Driver Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Microsoft Windows Codecs Library Information Disclosure Vulnerability
Windows Authentication Information Disclosure Vulnerability
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
Microsoft Message Queuing Information Disclosure Vulnerability
Windows iSCSI Target Service Information Disclosure Vulnerability
IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.
Windows Kernel Information Disclosure Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
<p>An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and open a specially crafted file.</p> <p>The update addresses the vulnerability by correcting how Text Services Framework handles objects in memory.</p>
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>
Windows MSCTF Server Information Disclosure Vulnerability
Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability
Windows Camera Codec Information Disclosure Vulnerability
Windows GDI+ Information Disclosure Vulnerability
WebP Image Extensions Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows KernelStream handles objects in memory.</p>
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
Microsoft Excel Information Disclosure Vulnerability