Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-28 | CVE-2016-1410 | Information Exposure vulnerability in Cisco Webex Meeting Center Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. | 7.5 |
| 2016-05-23 | CVE-2016-3664 | Information Exposure vulnerability in Trend Micro Mobile Security 3.1 Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. | 7.4 |
| 2016-05-23 | CVE-2016-4913 | Information Exposure vulnerability in multiple products The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. | 7.8 |
| 2016-05-23 | CVE-2016-4580 | Information Exposure vulnerability in multiple products The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. | 7.5 |
| 2016-05-23 | CVE-2016-4578 | Information Exposure vulnerability in multiple products sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. | 5.5 |
| 2016-05-23 | CVE-2016-4569 | Information Exposure vulnerability in multiple products The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. | 5.5 |
| 2016-05-23 | CVE-2016-4486 | Information Exposure vulnerability in multiple products The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | 3.3 |
| 2016-05-23 | CVE-2016-4485 | Information Exposure vulnerability in multiple products The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. | 7.5 |
| 2016-05-23 | CVE-2016-4482 | Information Exposure vulnerability in multiple products The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. | 6.2 |
| 2016-05-22 | CVE-2016-2158 | Information Exposure vulnerability in Moodle lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request. | 4.3 |