Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-25 | CVE-2016-4739 | Information Exposure vulnerability in Apple mac OS X mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. | 3.7 |
| 2016-09-25 | CVE-2016-4715 | Information Exposure vulnerability in Apple mac OS X The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | 3.3 |
| 2016-09-25 | CVE-2016-4713 | Information Exposure vulnerability in Apple mac OS X CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | 5.3 |
| 2016-09-25 | CVE-2016-4708 | Information Exposure vulnerability in Apple products CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. | 6.5 |
| 2016-09-24 | CVE-2016-0918 | Information Exposure vulnerability in EMC products EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. | 4.3 |
| 2016-09-22 | CVE-2016-5282 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource. | 6.5 |
| 2016-09-22 | CVE-2016-5279 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. | 4.3 |
| 2016-09-21 | CVE-2016-4968 | Information Exposure vulnerability in Fortinet Fortiwan The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. | 6.5 |
| 2016-09-21 | CVE-2016-4967 | Information Exposure vulnerability in Fortinet Fortiwan Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php. | 6.5 |
| 2016-09-21 | CVE-2016-0904 | Information Exposure vulnerability in EMC Avamar Server Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | 8.6 |