Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-10 | CVE-2016-3918 | Information Exposure vulnerability in Google Android email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403. | 5.5 |
| 2016-10-10 | CVE-2016-3902 | Information Exposure vulnerability in Google Android drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072. | 5.5 |
| 2016-10-10 | CVE-2016-3860 | Information Exposure vulnerability in Google Android sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127. | 5.5 |
| 2016-10-10 | CVE-2015-8950 | Information Exposure vulnerability in Linux Kernel arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. | 5.5 |
| 2016-10-07 | CVE-2015-2080 | Information Exposure vulnerability in multiple products The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | 7.5 |
| 2016-10-06 | CVE-2015-1000012 | Information Exposure vulnerability in Mypixs Project Mypixs 0.3 Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | 7.5 |
| 2016-10-06 | CVE-2015-1000008 | Information Exposure vulnerability in Mp3-Jplayer Project Mp3-Jplayer 2.3.2 Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | 5.3 |
| 2016-10-06 | CVE-2016-6653 | Information Exposure vulnerability in Pivotal Software Cloud Foundry CF Mysql 27.0/28.0 The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials. | 7.5 |
| 2016-10-06 | CVE-2016-6435 | Information Exposure vulnerability in Cisco Firepower Management Center 6.0.1 The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | 6.5 |
| 2016-10-06 | CVE-2016-6026 | Information Exposure vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. | 5.3 |