CWE-200

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.

Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their “company” tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.

An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka ‘Windows Update Client Information Disclosure Vulnerability’.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1345.