CWE-200

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link (VS Code textDocument/documentLink). The handler accepted arbitrary paths — absolute, relative with parent-directory segments (..\..\..\), UNC (\\server\share\), and arbitrary subfolders — and called File.Exists on each to decide whether to render the link. Two distinct attack surfaces resulted: information disclosure via File.Exists probing and NTLM hash leak via UNC path probing. This issue has been patched in version 1.0.2.

YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records.

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing logs when the audit level is set to equal or above 2. This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.

MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted MySQL servers without explicitly disabling the local infile capability. Mydumper has the local infile option enabled by default and does not have an option to disable it. This can lead to an unexpected arbitrary file read if the Mydumper tool connects to an untrusted server. This vulnerability is fixed in 0.18.2-8.

@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates. ### Patches Not yet patched. ### Workarounds None available. Private or limited-visibility categories should not be considered ways to store sensitive information. ### References Internal: [SUPPORT-114](https://codidact.atlassian.net/issues/SUPPORT-114)

Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data.This issue affects Performance Center: 12.63.

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.

A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1.

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484.

The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.

The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300.

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.

The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.