Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-1614 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. | 7.5 |
| 2018-06-26 | CVE-2018-3760 | Information Exposure vulnerability in multiple products There is an information leak vulnerability in Sprockets. | 7.5 |
| 2018-06-26 | CVE-2018-4861 | Information Exposure vulnerability in Siemens Scalance M875 Firmware A vulnerability has been identified in SCALANCE M875 (All versions). | 4.9 |
| 2018-06-26 | CVE-2018-10663 | Information Exposure vulnerability in Axis products An issue was discovered in multiple models of Axis IP Cameras. | 7.5 |
| 2018-06-26 | CVE-2018-1000609 | Information Exposure vulnerability in Jenkins Configuration AS Code A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | 6.5 |
| 2018-06-26 | CVE-2018-1000603 | Information Exposure vulnerability in Jenkins Openstack Cloud A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | 8.8 |
| 2018-06-26 | CVE-2018-1000601 | Information Exposure vulnerability in Jenkins SSH Credentials A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. | 6.5 |
| 2018-06-26 | CVE-2018-1000600 | Information Exposure vulnerability in Jenkins Github A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2018-06-26 | CVE-2018-1000549 | Information Exposure vulnerability in Wekan Project Wekan 1.04.0 Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. | 5.3 |
| 2018-06-26 | CVE-2018-1000535 | Information Exposure vulnerability in LMS lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. | 7.5 |