Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2015-5069 | Information Exposure vulnerability in multiple products The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | 4.3 |
| 2017-09-26 | CVE-2017-9960 | Information Exposure vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | 5.3 |
| 2017-09-26 | CVE-2015-8707 | Information Exposure vulnerability in Magento Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | 9.8 |
| 2017-09-26 | CVE-2015-0238 | Information Exposure vulnerability in Redhat Openshift 2.0 selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. | 3.3 |
| 2017-09-26 | CVE-2014-8889 | Information Exposure vulnerability in Dropbox SDK 1.5.4/1.6.1 Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. | 5.3 |
| 2017-09-25 | CVE-2015-8251 | Information Exposure vulnerability in Unify products OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. | 5.9 |
| 2017-09-25 | CVE-2015-7846 | Information Exposure vulnerability in Huawei products Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | 4.6 |
| 2017-09-22 | CVE-2017-9393 | Information Exposure vulnerability in CA products CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | 9.8 |
| 2017-09-22 | CVE-2017-14653 | Information Exposure vulnerability in Asp4Cms Aspcms 2.7.2 member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | 6.5 |
| 2017-09-21 | CVE-2017-14680 | Information Exposure vulnerability in Zkteco Zktime web 2.0.1.12280 ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | 7.5 |