Windows Cryptographic Services Information Disclosure Vulnerability
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
Windows GDI Information Disclosure Vulnerability
GDI+ Information Disclosure Vulnerability
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.
.NET Core and Visual Studio Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Media Foundation Information Disclosure Vulnerability
Windows Bind Filter Driver Information Disclosure Vulnerability
Microsoft Excel Information Disclosure Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.
Windows Kernel Information Disclosure Vulnerability
Windows CSC Service Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Overlay Filter Information Disclosure Vulnerability
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
Windows DirectX Information Disclosure Vulnerability
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Error Reporting Information Disclosure Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Microsoft Excel Information Disclosure Vulnerability
Windows Error Reporting Information Disclosure Vulnerability
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows DWM Core Library Information Disclosure Vulnerability
Bot Framework SDK Information Disclosure Vulnerability