Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2018-05-21 CVE-2018-7268 Information Exposure vulnerability in Magnicomp Sysinfo 10H62/10H76/10H80
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions.
local
low complexity
magnicomp CWE-200
5.5
2018-05-18 CVE-2018-5256 Information Exposure vulnerability in Redhat Tectonic
CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the Kubernetes cluster at /api/kubernetes/, which is accessible without authentication to Tectonic and allows an attacker to directly connect to the Kubernetes API server.
network
low complexity
redhat CWE-200
7.5
2018-05-17 CVE-2018-1465 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible.
network
high complexity
ibm CWE-200
5.3
2018-05-17 CVE-2018-1464 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read.
network
low complexity
ibm CWE-200
6.5
2018-05-17 CVE-2018-1438 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system.
network
low complexity
ibm CWE-200
7.5
2018-05-17 CVE-2018-1433 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system.
network
low complexity
ibm CWE-200
7.5
2018-05-17 CVE-2018-1276 Information Exposure vulnerability in Pivotal Software Windows Stemcells
Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere.
network
low complexity
pivotal-software CWE-200
6.5
2018-05-17 CVE-2018-8714 Information Exposure vulnerability in Honeywell Matrikonopc Explorer
Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.
local
low complexity
honeywell CWE-200
6.1
2018-05-17 CVE-2018-10729 Information Exposure vulnerability in Phoenixcontact products
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.
network
low complexity
phoenixcontact CWE-200
5.3
2018-05-17 CVE-2018-9948 Information Exposure vulnerability in Foxitsoftware Phantompdf
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935.
network
low complexity
foxitsoftware CWE-200
6.5