Vulnerabilities > Information Exposure

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-03-07 | CVE-2017-1124 | Information Exposure vulnerability in IBM Maximo Asset Management | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. | local | high | ibm | CWE-200 | 2.9 |
| 2017-03-07 | CVE-2016-9725 | Information Exposure vulnerability in IBM QRadar Security Information and Event Manager | IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. | network | low | ibm | CWE-200 | 5.3 |
| 2017-03-07 | CVE-2016-9720 | Information Exposure vulnerability in IBM products | IBM QRadar 7.2 discloses sensitive information to unauthorized users. | network | low | ibm | CWE-200 | 5.3 |
| 2017-03-07 | CVE-2016-8940 | Information Exposure vulnerability in IBM Tivoli Storage Manager | IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. | network | low | ibm | CWE-200 | 8.8 |
| 2017-03-07 | CVE-2016-4950 | Information Exposure vulnerability in Cloudera Manager | Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | network | low | cloudera | CWE-200 | 7.5 |
| 2017-03-07 | CVE-2016-4949 | Information Exposure vulnerability in Cloudera Manager | Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. | network | low | cloudera | CWE-200 | 7.5 |
| 2017-03-07 | CVE-2016-4947 | Information Exposure vulnerability in Cloudera HUE 3.9.0 | Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. | network | low | cloudera | CWE-200 | 5.3 |
| 2017-03-07 | CVE-2013-5653 | Information Exposure vulnerability in multiple products | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted PostScript file. | local | low | artifex, debian | CWE-200 | 5.5 |
| 2017-03-03 | CVE-2016-3127 | Information Exposure vulnerability in BlackBerry Good Control Server 2.2.511.26 | An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server. | network | low | blackberry | CWE-200 | 7.5 |
| 2017-03-03 | CVE-2016-7409 | Information Exposure vulnerability in Dropbear SSH Project Dropbear SSH | The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allow local users to read process memory via the -v argument, related to a failed remote ident. | local | low | dropbear-ssh-project | CWE-200 | 5.5 |