Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-11 | CVE-2016-4643 | Information Exposure vulnerability in Apple Iphone OS In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. | 6.5 |
| 2019-01-10 | CVE-2019-5884 | Information Exposure vulnerability in Std42 Elfinder php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | 5.9 |
| 2019-01-09 | CVE-2018-20681 | Information Exposure vulnerability in Mate-Desktop Mate-Screensaver mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. | 6.1 |
| 2019-01-09 | CVE-2018-16192 | Information Exposure vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. | 6.5 |
| 2019-01-09 | CVE-2018-1000410 | Information Exposure vulnerability in Jenkins An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed. | 7.8 |
| 2019-01-09 | CVE-2018-6179 | Information Exposure vulnerability in multiple products Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | 6.5 |
| 2019-01-09 | CVE-2018-6164 | Information Exposure vulnerability in multiple products Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2019-01-09 | CVE-2018-6147 | Information Exposure vulnerability in multiple products Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. | 5.5 |
| 2019-01-09 | CVE-2018-6137 | Information Exposure vulnerability in multiple products CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2019-01-09 | CVE-2018-6117 | Information Exposure vulnerability in multiple products Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |