Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-20307 | Information Exposure vulnerability in Pulsesecure Virtual Traffic Manager 10.4/17.2/9.9 Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. | 4.3 |
| 2018-12-19 | CVE-2018-16883 | Information Exposure vulnerability in Fedoraproject Sssd sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. | 5.5 |
| 2018-12-18 | CVE-2017-15031 | Information Exposure vulnerability in ARM Arm-Trusted-Firmware In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | 7.5 |
| 2018-12-17 | CVE-2018-7812 | Information Exposure vulnerability in Schneider-Electric products An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | 7.5 |
| 2018-12-17 | CVE-2018-19976 | Information Exposure vulnerability in Virustotal Yara 3.8.1 In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. | 5.5 |
| 2018-12-17 | CVE-2017-1272 | Information Exposure vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. | 5.3 |
| 2018-12-17 | CVE-2018-20170 | Information Exposure vulnerability in Openstack Keystone OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. | 5.3 |
| 2018-12-17 | CVE-2017-18355 | Information Exposure vulnerability in Google Rendertron 1.0.0 Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files. | 7.5 |
| 2018-12-14 | CVE-2018-20154 | Information Exposure vulnerability in Designmodo WP Maintenance Mode The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. | 4.3 |
| 2018-12-14 | CVE-2018-20151 | Information Exposure vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. | 7.5 |