An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0987, CVE-2020-1005.
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'.
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0699.
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882.
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0716.
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756.
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.
An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'.
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.
Microsoft Graphics Component Denial of Service Vulnerability
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.
<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files.</p> <p>The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.</p>
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882.
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615.
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows TCP/IP Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Common Log File System Driver Information Disclosure Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
Windows Cryptographic Services Information Disclosure Vulnerability
Windows Group Policy Security Feature Bypass Vulnerability
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Windows Kernel Information Disclosure Vulnerability
ASP.NET Core Security Feature Bypass Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Microsoft DirectMusic Information Disclosure Vulnerability
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Windows Cryptographic Information Disclosure Vulnerability
Windows Installer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access.
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
Visual Studio Information Disclosure Vulnerability
Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
Windows Bluetooth Driver Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory, aka 'Windows Agent Activation Runtime Information Disclosure Vulnerability'.