Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2017-09-21 CVE-2017-11040 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to.
local
low complexity
google CWE-200
5.5
2017-09-21 CVE-2017-11001 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read.
local
low complexity
google CWE-200
5.5
2017-09-21 CVE-2017-10996 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated.
local
low complexity
google CWE-200
5.5
2017-09-21 CVE-2015-8559 Information Exposure vulnerability in Chef
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
network
low complexity
chef CWE-200
7.5
2017-09-21 CVE-2015-5284 Information Exposure vulnerability in Freeipa
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
network
low complexity
freeipa CWE-200
critical
9.8
2017-09-20 CVE-2015-9231 Information Exposure vulnerability in Iterm2
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries.
network
low complexity
iterm2 CWE-200
7.5
2017-09-20 CVE-2015-2826 Information Exposure vulnerability in Simple ADS Manager Project Simple ADS Manager 2.5.94/2.5.96
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
network
low complexity
simple-ads-manager-project CWE-200
5.3
2017-09-20 CVE-2015-8224 Information Exposure vulnerability in Huawei P8 Firmware
Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.
network
high complexity
huawei CWE-200
3.7
2017-09-20 CVE-2017-8770 Information Exposure vulnerability in Twsz Wifi Repeater Firmware
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
network
low complexity
twsz CWE-200
7.5
2017-09-19 CVE-2015-4682 Information Exposure vulnerability in Polycom Realpresence Resource Manager
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
network
low complexity
polycom CWE-200
6.5