Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-01 | CVE-2015-2204 | Information Exposure vulnerability in Evergreen-Ils Evergreen: Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. | 7.5 |
2018-02-01 | CVE-2015-2203 | Information Exposure vulnerability in Evergreen-Ils Evergreen 2.5.9/2.6.7/2.7.4: Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. | 6.5 |
2018-02-01 | CVE-2013-7435 | Information Exposure vulnerability in Evergreen-Ils Evergreen: The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. | 6.5 |
2018-02-01 | CVE-2018-6470 | Information Exposure vulnerability in Nibbleblog 4.0.5: Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. | 5.3 |
2018-01-31 | CVE-2017-16911 | Information Exposure vulnerability in Linux Kernel: The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. | 4.7 |
2018-01-31 | CVE-2018-6460 | Information Exposure vulnerability in Anchorfree Hotspot Shield: Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. | 7.5 |
2018-01-31 | CVE-2018-6412 | Information Exposure vulnerability in Linux Kernel: In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | 7.5 |
2018-01-29 | CVE-2017-1784 | Information Exposure vulnerability in multiple products: IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. | 5.5 |
2018-01-29 | CVE-2018-6008 | Information Exposure vulnerability in Joomlatag Jtag Members Directory 5.3.7: Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | 7.5 |
2018-01-26 | CVE-2017-1515 | Information Exposure vulnerability in IBM Rational Doors: IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. | 4.3 |