Visual Studio Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.

Windows iSCSI Target Service Information Disclosure Vulnerability

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Event Tracing for Windows Information Disclosure Vulnerability

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Windows Cryptographic Information Disclosure Vulnerability

Windows Cryptographic Information Disclosure Vulnerability

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

Windows (modem.sys) Information Disclosure Vulnerability

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Azure Active Directory Pod Identity Spoofing Vulnerability

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

TPM Device Driver Information Disclosure Vulnerability

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key

PFX Encryption Security Feature Bypass Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Bot Framework SDK Information Disclosure Vulnerability

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.

Windows Kernel-Mode Driver Information Disclosure Vulnerability

Windows Resilient File System (ReFS) Information Disclosure Vulnerability

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.

Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Windows Kernel Memory Information Disclosure Vulnerability

Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472.

Windows Authentication Information Disclosure Vulnerability