Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-12 | CVE-2016-0089 | Information Exposure vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." | 7.1 |
| 2016-04-12 | CVE-2016-3170 | Information Exposure vulnerability in multiple products The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in. | 5.3 |
| 2016-04-12 | CVE-2016-2166 | Information Exposure vulnerability in multiple products The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | 6.5 |
| 2016-04-12 | CVE-2016-2140 | Information Exposure vulnerability in Openstack Nova The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | 5.3 |
| 2016-04-12 | CVE-2015-8537 | Information Exposure vulnerability in multiple products app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. | 5.3 |
| 2016-04-12 | CVE-2015-8473 | Information Exposure vulnerability in multiple products The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. | 4.3 |
| 2016-04-11 | CVE-2015-8399 | Information Exposure vulnerability in Atlassian Confluence Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | 4.3 |
| 2016-04-11 | CVE-2015-7528 | Information Exposure vulnerability in multiple products Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | 5.3 |
| 2016-04-11 | CVE-2015-7502 | Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | 5.1 |
| 2016-04-11 | CVE-2014-9759 | Information Exposure vulnerability in Mantisbt 1.3.0 Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. | 5.3 |