Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-03 | CVE-2016-6494 | Information Exposure vulnerability in multiple products The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | 5.5 |
| 2016-10-03 | CVE-2016-7442 | Information Exposure vulnerability in Sophos Unified Threat Management Software The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. | 4.4 |
| 2016-10-03 | CVE-2016-7397 | Information Exposure vulnerability in Sophos Unified Threat Management Software The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. | 4.4 |
| 2016-10-01 | CVE-2016-5986 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. | 7.5 |
| 2016-09-29 | CVE-2016-7090 | Information Exposure vulnerability in Siemens Scalance M-800 Firmware and Scalance S615 Firmware The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 4.0 |
| 2016-09-27 | CVE-2016-6146 | Information Exposure vulnerability in SAP Trex 7.10 The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | 5.3 |
| 2016-09-26 | CVE-2016-6827 | Information Exposure vulnerability in Huawei Fusioncompute Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-09-26 | CVE-2016-3639 | Information Exposure vulnerability in SAP Hana DB 1.00.091.00.1418659308 SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | 4.3 |
| 2016-09-26 | CVE-2016-5976 | Information Exposure vulnerability in IBM Tealeaf Customer Experience The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors. | 4.9 |
| 2016-09-26 | CVE-2016-5970 | Information Exposure vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2 Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. | 6.5 |