Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-07 | CVE-2015-2774 | Information Exposure vulnerability in multiple products Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 5.9 |
| 2016-04-07 | CVE-2016-3973 | Information Exposure vulnerability in SAP Netweaver Application Server Java The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. | 5.3 |
| 2016-04-06 | CVE-2016-0871 | Information Exposure vulnerability in Eaton Lighting Systems EG2 web Control 4.04P Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | 7.5 |
| 2016-04-01 | CVE-2016-0793 | Information Exposure vulnerability in Redhat Jboss Wildfly Application Server 10.0.0 Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. | 7.5 |
| 2016-03-24 | CVE-2016-1787 | Information Exposure vulnerability in Apple mac OS X Server Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | 5.3 |
| 2016-03-24 | CVE-2016-1786 | Information Exposure vulnerability in Apple Iphone OS The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. | 5.4 |
| 2016-03-24 | CVE-2016-1785 | Information Exposure vulnerability in Apple Iphone OS The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 6.5 |
| 2016-03-24 | CVE-2016-1780 | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | 4.3 |
| 2016-03-24 | CVE-2016-1779 | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | 6.5 |
| 2016-03-24 | CVE-2016-1772 | Information Exposure vulnerability in Apple Safari The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | 4.3 |