Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-10663 | Information Exposure vulnerability in Axis products An issue was discovered in multiple models of Axis IP Cameras. | 7.5 |
| 2018-06-26 | CVE-2018-1000609 | Information Exposure vulnerability in Jenkins Configuration AS Code A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | 6.5 |
| 2018-06-26 | CVE-2018-1000603 | Information Exposure vulnerability in Jenkins Openstack Cloud A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | 8.8 |
| 2018-06-26 | CVE-2018-1000601 | Information Exposure vulnerability in Jenkins SSH Credentials A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. | 6.5 |
| 2018-06-26 | CVE-2018-1000600 | Information Exposure vulnerability in Jenkins Github A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2018-06-26 | CVE-2018-1000549 | Information Exposure vulnerability in Wekan Project Wekan 1.04.0 Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. | 5.3 |
| 2018-06-26 | CVE-2018-1000535 | Information Exposure vulnerability in LMS lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. | 7.5 |
| 2018-06-26 | CVE-2018-10852 | Information Exposure vulnerability in multiple products The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. | 7.5 |
| 2018-06-26 | CVE-2018-0584 | Information Exposure vulnerability in IIJ Smartkey 2.1.0 IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors. | 7.5 |
| 2018-06-26 | CVE-2018-0575 | Information Exposure vulnerability in Basercms baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | 5.3 |