Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-18 | CVE-2014-8491 | Information Exposure vulnerability in Codeasily Grand Flagallery 1.56 The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php. | 5.3 |
| 2017-10-18 | CVE-2017-15589 | Information Exposure vulnerability in XEN 4.9.0 An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. | 6.5 |
| 2017-10-18 | CVE-2017-15583 | Information Exposure vulnerability in Hitachienergy Fox515T Firmware 1.0/R.1.0Ics10 The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. | 6.5 |
| 2017-10-18 | CVE-2017-15577 | Information Exposure vulnerability in multiple products Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2017-10-18 | CVE-2017-15576 | Information Exposure vulnerability in multiple products Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2017-10-17 | CVE-2017-15537 | Information Exposure vulnerability in Linux Kernel The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. | 5.5 |
| 2017-10-16 | CVE-2017-9368 | Information Exposure vulnerability in Blackberry Workspaces Appliance-X and Workspaces Vapp An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. | 7.5 |
| 2017-10-16 | CVE-2014-9147 | Information Exposure vulnerability in Fiyo CMS Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | 7.5 |
| 2017-10-13 | CVE-2016-1265 | Information Exposure vulnerability in Juniper Junos Space A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. | 9.8 |
| 2017-10-13 | CVE-2017-8693 | Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016 The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability". | 5.5 |