Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2018-07-17 CVE-2018-13860 Information Exposure vulnerability in Trivum C4 Professional Firmware 8.76
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request.
network
low complexity
trivum CWE-200
7.5
2018-07-17 CVE-2018-14333 Information Exposure vulnerability in Teamviewer
TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88]" and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.
network
high complexity
teamviewer CWE-200
8.1
2018-07-16 CVE-2018-10857 Information Exposure vulnerability in multiple products
git-annex is vulnerable to a private data exposure and exfiltration attack.
network
low complexity
git-annex-project debian CWE-200
7.5
2018-07-16 CVE-2018-10859 Information Exposure vulnerability in multiple products
git-annex is vulnerable to an Information Exposure when decrypting files.
network
low complexity
git-annex-project debian CWE-200
7.5
2018-07-16 CVE-2013-0522 Information Exposure vulnerability in IBM Lotus Notes
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes.
local
high complexity
ibm CWE-200
7.0
2018-07-13 CVE-2013-0570 Information Exposure vulnerability in IBM Network Operating System
The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain.
high complexity
ibm CWE-200
5.3
2018-07-13 CVE-2016-9499 Information Exposure vulnerability in Accellion FTP Server
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid.
network
low complexity
accellion CWE-200
5.3
2018-07-13 CVE-2016-9491 Information Exposure vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user who is able to access the /register.do page (most likely limited to administrators) to browse the filesystem and read system files, including Applications Manager configuration, stored private keys, etc.
network
low complexity
zohocorp CWE-200
4.9
2018-07-13 CVE-2016-6548 Information Exposure vulnerability in Nutspace NUT Mobile
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS.
network
low complexity
nutspace CWE-200
critical
9.8
2018-07-13 CVE-2016-6547 Information Exposure vulnerability in Nutspace NUT Mobile
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
local
low complexity
nutspace CWE-200
7.8