Vulnerabilities > Information Exposure

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-07-26 | CVE-2017-2582 | Information Exposure vulnerability in Redhat Keycloak | It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system properties. | network | low complexity | redhat | CWE-200 | 6.5 |
| 2018-07-26 | CVE-2017-12167 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform | It was found in EAP 7 before 7.0.9 that properties-based files of the management and the application realm configuration that contain user to role mapping are world-readable, allowing access to users and roles information to all the users logged in to the system. | local | low complexity | redhat | CWE-200 | 5.5 |
| 2018-07-25 | CVE-2018-14083 | Information Exposure vulnerability in Lica Minicmts E8K Firmware | LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash. | network | low complexity | lica | CWE-200 | 7.5 |
| 2018-07-24 | CVE-2018-10627 | Information Exposure vulnerability in Echelon products | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. | network | low complexity | echelon | CWE-200 | critical 9.8 |
| 2018-07-24 | CVE-2018-5386 | Information Exposure vulnerability in Navarino Infinity 2.2 | Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak. | network | low complexity | navarino | CWE-200 | 7.5 |
| 2018-07-24 | CVE-2016-5649 | Information Exposure vulnerability in Netgear Dgn2200 Firmware and Dgnd3700 Firmware | A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. | network | low complexity | netgear | CWE-200 | critical 9.8 |
| 2018-07-24 | CVE-2016-5638 | Information Exposure vulnerability in Netgear Wndr4500 Firmware 1.0.1.40_1.0.6877 | There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. | network | low complexity | netgear | CWE-200 | 7.5 |
| 2018-07-24 | CVE-2017-18104 | Information Exposure vulnerability in Atlassian Jira | The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. | network | high complexity | atlassian | CWE-200 | 5.9 |
| 2018-07-23 | CVE-2018-14328 | Information Exposure vulnerability in Brynamics Online Trade | Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username, database password, database_name, and IP address fields, related to CVE-2018-12908. | network | low complexity | brynamics | CWE-200 | critical 9.8 |
| 2018-07-23 | CVE-2018-1999006 | Information Exposure vulnerability in Jenkins | An exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade. | network | low complexity | jenkins | CWE-200 | 4.3 |