Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-04 | CVE-2017-1669 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. | 3.7 |
| 2018-01-04 | CVE-2018-0800 | Information Exposure vulnerability in Microsoft Chakracore and Edge Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | 5.3 |
| 2018-01-04 | CVE-2018-0766 | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
| 2018-01-04 | CVE-2017-5754 | Information Exposure vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | 5.6 |
| 2018-01-02 | CVE-2017-1000413 | Information Exposure vulnerability in Linaro Op-Tee Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. | 5.9 |
| 2018-01-02 | CVE-2017-1000412 | Information Exposure vulnerability in Linaro Op-Tee Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key. | 7.5 |
| 2018-01-01 | CVE-2018-3813 | Information Exposure vulnerability in Flir products getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. | 9.8 |
| 2017-12-29 | CVE-2013-7400 | Information Exposure vulnerability in DKD Direct Mail The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | 7.5 |
| 2017-12-27 | CVE-2017-17926 | Information Exposure vulnerability in Ordermanagementscript Professional Service Script PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | 5.3 |
| 2017-12-27 | CVE-2017-17898 | Information Exposure vulnerability in Dolibarr Erp/Crm 6.0.4 Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | 7.5 |