Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-04 | CVE-2020-7130 | Information Exposure vulnerability in HP Oneview Global Dashboard 1.9 HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. | 7.5 |
| 2020-03-04 | CVE-2020-3193 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. | 5.3 |
| 2020-03-04 | CVE-2020-3182 | Information Exposure vulnerability in Cisco Webex Meetings 40.1.8.5 A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. | 4.3 |
| 2020-02-27 | CVE-2018-8878 | Information Exposure vulnerability in multiple products Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | 5.3 |
| 2020-02-27 | CVE-2018-8877 | Information Exposure vulnerability in multiple products Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. | 5.3 |
| 2020-02-24 | CVE-2020-5244 | Information Exposure vulnerability in Buddypress 5.0.0/5.1.0/5.1.1 In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. | 7.5 |
| 2020-02-21 | CVE-2013-3587 | Information Exposure vulnerability in F5 products The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 5.9 |
| 2020-02-21 | CVE-2012-0844 | Information Exposure vulnerability in multiple products Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. | 5.5 |
| 2020-02-21 | CVE-2013-4088 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 6.5 |
| 2020-02-21 | CVE-2013-3551 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 6.5 |