Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-10 | CVE-2014-4992 | Information Exposure vulnerability in Cap-Strap Project Cap-Strap 0.1.5 lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | 7.8 |
| 2018-01-10 | CVE-2014-4991 | Information Exposure vulnerability in Codders-Dataset Project Codders-Dataset 1.3.2.1 (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | 7.8 |
| 2018-01-10 | CVE-2017-12169 | Information Exposure vulnerability in Freeipa It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. | 7.5 |
| 2018-01-10 | CVE-2017-9796 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | 5.3 |
| 2018-01-10 | CVE-2017-9795 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. | 7.5 |
| 2018-01-10 | CVE-2017-12622 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges. | 7.1 |
| 2018-01-09 | CVE-2017-12697 | Information Exposure vulnerability in GM Shanghai Onstar 7.1 A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. | 5.9 |
| 2018-01-09 | CVE-2012-3353 | Information Exposure vulnerability in Apache Sling JCR Contentloader 2.1.4 The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. | 7.5 |
| 2018-01-08 | CVE-2014-5394 | Information Exposure vulnerability in Huawei products Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. | 5.9 |
| 2018-01-08 | CVE-2018-5266 | Information Exposure vulnerability in Cobham SEA TEL 121 Firmware 222701 Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. | 7.5 |