Vulnerabilities > Information Exposure

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-06-26 | CVE-2018-10852 | Information Exposure vulnerability in multiple products | The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. | network | low | debian, fedoraproject, redhat | CWE-200 | 7.5 |
| 2018-06-26 | CVE-2018-0584 | Information Exposure vulnerability in IIJ Smartkey 2.1.0 | IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors. | network | low | iij | CWE-200 | 7.5 |
| 2018-06-26 | CVE-2018-0575 | Information Exposure vulnerability in Basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | network | low | basercms | CWE-200 | 5.3 |
| 2018-06-26 | CVE-2018-0528 | Information Exposure vulnerability in Cybozu Office | Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that they are not permitted to access via unspecified vectors. | network | low | cybozu | CWE-200 | 4.3 |
| 2018-06-26 | CVE-2018-0526 | Information Exposure vulnerability in Cybozu Office | Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to display an image located in an external server via unspecified vectors. | network | low | cybozu | CWE-200 | 4.3 |
| 2018-06-25 | CVE-2018-12735 | Information Exposure vulnerability in Saj-Electric SAJ Solar Inverter | SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | network | low | saj-electric | CWE-200 | 7.5 |
| 2018-06-25 | CVE-2018-12716 | Information Exposure vulnerability in Google Chromecast Firmware and Home Firmware | The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | | low | google | CWE-200 | 4.3 |
| 2018-06-22 | CVE-2017-7568 | Information Exposure vulnerability in Netapp Oncommand Unified Manager 5.1/5.2.1/5.2.2 | NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | network | high | netapp | CWE-200 | 5.3 |
| 2018-06-22 | CVE-2018-1655 | Information Exposure vulnerability in IBM AIX | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. | local | low | ibm | CWE-200 | 5.5 |
| 2018-06-22 | CVE-2018-12634 | Information Exposure vulnerability in Circontrol Circarlife Scada | CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | network | low | circontrol | CWE-200 | 9.8 (critical) |