Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-31 | CVE-2015-2896 | Information Exposure vulnerability in Idera Uptime Infrastructure Monitor The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | 5.3 |
| 2015-12-31 | CVE-2014-4876 | Information Exposure vulnerability in Toshiba 4690 Operating System 6.3 Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. | 3.7 |
| 2015-12-30 | CVE-2015-8703 | Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware and Zxv10 W300 Firmware ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. | 6.5 |
| 2015-12-30 | CVE-2015-7787 | Information Exposure vulnerability in Asus Wl-330Nul Firmware 3.0.0.41 ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. | 4.3 |
| 2015-12-30 | CVE-2015-7248 | Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703. | 7.5 |
| 2015-12-29 | CVE-2015-5330 | Information Exposure vulnerability in Samba ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. | 7.5 |
| 2015-12-29 | CVE-2015-5299 | Information Exposure vulnerability in multiple products The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. | 5.3 |
| 2015-12-28 | CVE-2015-6852 | Information Exposure vulnerability in EMC Secure Remote Services 3.0/3.02/3.03 Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | 4.3 |
| 2015-12-28 | CVE-2015-8569 | Information Exposure vulnerability in Linux Kernel The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | 2.3 |
| 2015-12-28 | CVE-2015-8374 | Information Exposure vulnerability in Linux Kernel fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. | 4.0 |