Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-15 | CVE-2016-5797 | Information Exposure vulnerability in Tollgrade Lighthouse SMS Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts. | 5.3 |
| 2016-07-13 | CVE-2016-3100 | Information Exposure vulnerability in multiple products kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file. | 8.4 |
| 2016-07-13 | CVE-2016-3277 | Information Exposure vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | 5.3 |
| 2016-07-13 | CVE-2016-3273 | Information Exposure vulnerability in Microsoft Edge and Internet Explorer The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | 5.3 |
| 2016-07-13 | CVE-2016-3272 | Information Exposure vulnerability in Microsoft products The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows Kernel Information Disclosure Vulnerability." | 2.8 |
| 2016-07-13 | CVE-2016-3271 | Information Exposure vulnerability in Microsoft Edge The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | 6.5 |
| 2016-07-13 | CVE-2016-3261 | Information Exposure vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | 5.3 |
| 2016-07-13 | CVE-2016-3256 | Information Exposure vulnerability in Microsoft Windows 10 1511 Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability." | 5.0 |
| 2016-07-13 | CVE-2016-3251 | Information Exposure vulnerability in Microsoft products The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability." | 2.8 |
| 2016-07-12 | CVE-2016-4985 | Information Exposure vulnerability in multiple products The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource. | 7.5 |