Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-13352 | Information Exposure vulnerability in Terra-Master Terramaster Operating System 3.1.03 Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | 7.5 |
| 2018-11-27 | CVE-2018-10142 | Information Exposure vulnerability in Paloaltonetworks Expedition 1.0.106 The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | 7.5 |
| 2018-11-27 | CVE-2018-6266 | Information Exposure vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. | 5.5 |
| 2018-11-27 | CVE-2018-19609 | Information Exposure vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. | 6.5 |
| 2018-11-26 | CVE-2018-13319 | Information Exposure vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | 7.5 |
| 2018-11-26 | CVE-2018-16862 | Information Exposure vulnerability in multiple products A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). | 5.5 |
| 2018-11-21 | CVE-2018-1843 | Information Exposure vulnerability in IBM Cloud Private 3.1.0 The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. | 4.1 |
| 2018-11-20 | CVE-2018-18865 | Information Exposure vulnerability in Royalapplications Royal TS The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | 8.1 |
| 2018-11-20 | CVE-2018-16224 | Information Exposure vulnerability in Ismartalarm Cubeone Firmware Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. | 5.3 |
| 2018-11-19 | CVE-2018-1841 | Information Exposure vulnerability in IBM Cloud Private 2.1.0 IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. | 5.5 |