Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2017-14869 Information Exposure vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing an update of the FOTA partition, uninitialized data can be pushed to storage.
network
low complexity
google CWE-200
7.5
2018-01-10 CVE-2017-11079 Information Exposure vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of the sparse image block header size.
network
low complexity
google CWE-200
critical
9.8
2018-01-10 CVE-2017-11066 Information Exposure vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a UBI image, uninitialized memory could be accessed.
network
low complexity
google CWE-200
7.5
2018-01-10 CVE-2014-5004 Information Exposure vulnerability in Brbackup Project Brbackup 0.1.1
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
brbackup-project CWE-200
7.8
2018-01-10 CVE-2014-5001 Information Exposure vulnerability in Kcapifony Project Kcapifony 2.1.6
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.
local
low complexity
kcapifony-project CWE-200
7.8
2018-01-10 CVE-2014-5000 Information Exposure vulnerability in Lawn-Login Project Lawn-Login 0.0.7
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
lawn-login-project CWE-200
7.8
2018-01-10 CVE-2014-4999 Information Exposure vulnerability in Kajam Project Kajam 1.0.3
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
local
low complexity
kajam-project CWE-200
7.8
2018-01-10 CVE-2014-4998 Information Exposure vulnerability in Lean-Ruport Project Lean-Ruport 0.3.8
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
lean-ruport-project CWE-200
7.8
2018-01-10 CVE-2014-4997 Information Exposure vulnerability in Point-Cli Project Point-Cli 0.0.1
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
point-cli-project CWE-200
7.8
2018-01-10 CVE-2014-4993 Information Exposure vulnerability in multiple products
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.
7.8