Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-02 | CVE-2016-5006 | Information Exposure vulnerability in Pivotal Software Cloud Foundry and Cloud Foundry Elastic Runtime: The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. | 9.8 |
2017-05-02 | CVE-2016-4442 | Information Exposure vulnerability in Miniprofiler Rack-Mini-Profiler: The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. | 5.3 |
2017-05-01 | CVE-2016-10351 | Information Exposure vulnerability in Telegram Desktop Telegram Desktop 0.10.19: Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. | 5.5 |
2017-04-29 | CVE-2017-7644 | Information Exposure vulnerability in Paloaltonetworks Pan-Os: The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. | 6.5 |
2017-04-28 | CVE-2017-1141 | Information Exposure vulnerability in IBM Insights Foundation for Energy 1.0/1.5/1.6: IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. | 4.3 |
2017-04-28 | CVE-2017-2109 | Information Exposure vulnerability in Cybozu Kunai 3.0.4/3.0.5/3.0.5.1: Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allows remote attackers to obtain log information through a malicious Android application. | 2.5 |
2017-04-28 | CVE-2017-2105 | Information Exposure vulnerability in Presentcast INC Tver 3.2.7: The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-04-28 | CVE-2017-2104 | Information Exposure vulnerability in K-Opticom Corporation Business Lala Call 1.4.7: The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-04-28 | CVE-2017-2103 | Information Exposure vulnerability in K-Opticom Corporation Lala Call 2.4.7: The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-04-28 | CVE-2017-2093 | Information Exposure vulnerability in Cybozu Garoon: Cybozu Garoon 3.0.0 to 4.2.3 allows remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | 4.3 |