Astra Linux – Vulnerability in Intel Microcode

Observable timing discrepancies in some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...

CVE-2025-22172

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission...

The vulnerability of Prisma Access Browser, related to the disclosure of information through caching, allows attackers to circumvent existing security restrictions and disclose the protected information.

The vulnerability of Prisma Access Browser is related to the disclosure of information through caching. Exploiting this vulnerability allows a remote attacker to bypass existing security restrictions and disclose the protected information...

The vulnerability of Adobe Illustrator’s graphic editor, related to reading data beyond the buffer in memory, allows attackers to exploit this to disclose protected information.

The vulnerability of Adobe Illustrator graphic editor is related to reading beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created file...

PT-2024-37362 · Rockwell Automation · Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Input Analyzer affected versions not specified Description: A memory corruption issue exists when parsing DFT files, allowing local threat actors to disclose information and execute arbitrary code by opening a...

Intel Processors 输入验证错误漏洞

Intel Processors is a U.S. Intel Corporation's provides for interpreting computer instructions and processing data in computer software. An input validation error vulnerability exists in Intel Processors, which can be exploited by a privileged attacker to conduct an information disclosure or deni...

PT-2024-6243 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to an uninitialized pointer in the Windows Networking service, which can be exploited by a remote attacker to disclose protected information. This can potentially...

The vulnerability of the twisted.web network framework’s component, which allows a hacker to disclose protected information

The vulnerability of the twisted.web network framework’s component is related to improper handling of HTTP requests. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the framework...

The vulnerability of the Netty network programming framework arises from the existence of interpretation conflicts, which allow attackers to disclose and modify protected information.

The vulnerability of the Netty network programming framework is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a remote attacker to disclose and modify the protected information...

kernel: AMD: Cross-Thread Return Address Predictions

A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure...

JTEKT ELECTRONICS OnSinView2 Buffer Error Vulnerability

JTEKT ELECTRONICS OnSinView2 is an application from JTEKT ELECTRONICS, Inc. A security vulnerability exists in JTEKT ELECTRONICS OnSinView2 version 2.0.1 and prior versions, which stems from an improperly restricted operation within a memory buffer. The vulnerability can be exploited by an attack...

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602 CyVDB-3042 Information disclosure in multiple applications CWE-200 - CVE-2022-29512 CyVDB-3111 Improper input...

CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

The vulnerability of the Microsoft Visual Basic development environment and the Microsoft Office suite relates to the disclosure of information in the error-prone data area, allowing the disclosure of protected information.

The vulnerability of the Microsoft Visual Basic development environment and the Microsoft Office suite is related to the disclosure of sensitive information in error-prone data areas. Exploiting this vulnerability can allow attackers to disclose protected information...

The vulnerability of the Intl component in the Symfony software development and web application management platform allows attackers to disclose sensitive information that should be protected.

The vulnerability of the Intl component in the Symfony software development and web application management platform exists due to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by...

Cisco Prime Infrastructure server backup sensitive information disclosure vulnerability

Cisco Prime Infrastructure is an enterprise network management solution. A security vulnerability in the handling of GET requests by the Cisco Prime Infrastructure server backup allows remote attackers to exploit the vulnerability to submit a special request that could obtain sensitive informatio...