Filtered by CWE-212
Filtered by vendor Subscriptions
Total 117 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-21282 4 Debian, Netapp, Oracle and 1 more 23 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 20 more 2024-11-21 5.3 Medium
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2022-21151 3 Debian, Intel, Netapp 796 Debian Linux, Celeron J1750, Celeron J1750 Firmware and 793 more 2024-11-21 5.5 Medium
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-1893 1 Trudesk Project 1 Trudesk 2024-11-21 4.6 Medium
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1650 3 Debian, Eventsource, Redhat 11 Debian Linux, Eventsource, Ceph Storage and 8 more 2024-11-21 8.1 High
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
CVE-2022-1353 4 Debian, Linux, Netapp and 1 more 21 Debian Linux, Linux Kernel, H300e and 18 more 2024-11-21 7.1 High
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-0851 2 Convert2rhel Project, Redhat 3 Convert2rhel, Convert2rhel, Enterprise Linux 2024-11-21 5.5 Medium
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.
CVE-2022-0722 2 Parse-url Project, Redhat 2 Parse-url, Jboss Enterprise Bpms Platform 2024-11-21 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-0536 2 Follow-redirects Project, Redhat 7 Follow-redirects, Acm, Openshift Data Foundation and 4 more 2024-11-21 2.6 Low
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
CVE-2022-0355 1 Simple-get Project 1 Simple-get 2024-11-21 8.8 High
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
CVE-2022-0171 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
CVE-2021-46813 1 Huawei 2 Emui, Magic Ui 2024-11-21 7.5 High
Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46148 1 Mediawiki 1 Mediawiki 2024-11-21 6.5 Medium
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.
CVE-2021-45116 3 Djangoproject, Fedoraproject, Redhat 4 Django, Fedora, Satellite and 1 more 2024-11-21 7.5 High
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
CVE-2021-3681 1 Redhat 2 Ansible Automation Platform, Ansible Galaxy 2024-11-21 5.5 Medium
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.
CVE-2021-3602 2 Buildah Project, Redhat 4 Buildah, Enterprise Linux, Enterprise Linux For Ibm Z Systems and 1 more 2024-11-21 5.5 Medium
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
CVE-2021-3031 1 Paloaltonetworks 14 Pa-200, Pa-2020, Pa-2050 and 11 more 2024-11-21 4.3 Medium
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
CVE-2021-39891 1 Gitlab 1 Gitlab 2024-11-21 5.9 Medium
In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure.
CVE-2021-38554 1 Hashicorp 1 Vault 2024-11-21 5.3 Medium
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
CVE-2021-33117 2 Intel, Netapp 55 Bios, Xeon Gold 5315y, Xeon Gold 5317 and 52 more 2024-11-21 5.5 Medium
Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.
CVE-2021-33082 1 Intel 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more 2024-11-21 4.6 Medium
Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.