Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
Windows Portmapping Information Disclosure Vulnerability
Windows Event Tracing Information Disclosure Vulnerability
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
Windows Kernel Information Disclosure Vulnerability
Windows ActiveX Installer Service Information Disclosure Vulnerability
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.
Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.
Windows Overlay Filter Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Microsoft Office Graphics Component Information Disclosure Vulnerability
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.
Windows Backup Engine Information Disclosure Vulnerability
Windows Event Tracing Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
Windows Mobile Device Management Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and open a specially crafted file.</p> <p>The update addresses the vulnerability by correcting how Text Services Framework handles objects in memory.</p>
Microsoft Windows VMSwitch Information Disclosure Vulnerability
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
Windows Group Policy Security Feature Bypass Vulnerability
Windows Cryptographic Services Information Disclosure Vulnerability
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
Windows Cryptographic Services Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Windows Distributed File System (DFS) Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.