Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-28 | CVE-2018-14979 | Information Exposure vulnerability in Asus Zenfone 3 MAX Firmware 7.0.0.55 | The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). | 4.7 |
2018-12-28 | CVE-2018-20571 | Information Exposure vulnerability in Damicms 6.0.1 | DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | 7.5 |
2018-12-27 | CVE-2018-20511 | Information Exposure vulnerability in multiple products | An issue was discovered in the Linux kernel before 4.18.11. | 5.5 |
2018-12-26 | CVE-2018-11741 | Information Exposure vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00 | NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | 9.8 |
2018-12-26 | CVE-2018-20483 | Information Exposure vulnerability in GNU Wget | set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. | 7.8 |
2018-12-26 | CVE-2018-20478 | Information Exposure vulnerability in S-Cms 1.0 | An issue was discovered in S-CMS 1.0. | 7.5 |
2018-12-24 | CVE-2018-8919 | Information Exposure vulnerability in Synology Diskstation Manager | Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | 9.8 |
2018-12-23 | CVE-2018-20371 | Information Exposure vulnerability in Photorange Photo Vault Project Photorange Photo Vault 1.2 | PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on. | 9.8 |
2018-12-20 | CVE-2018-18441 | Information Exposure vulnerability in multiple products | D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. | 7.5 |
2018-12-20 | CVE-2018-17244 | Information Exposure vulnerability in Elastic Elasticsearch 6.4.0/6.4.1/6.4.2 | Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. | 6.5 |