Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-24 | CVE-2016-1764 | Information Exposure vulnerability in Apple mac OS X The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | 4.3 |
| 2016-03-24 | CVE-2016-1758 | Information Exposure vulnerability in Apple Iphone OS The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | 3.3 |
| 2016-03-24 | CVE-2016-1748 | Information Exposure vulnerability in Apple products IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 3.3 |
| 2016-03-19 | CVE-2015-2286 | Information Exposure vulnerability in EDX Open EDX 20150127 lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site. | 6.5 |
| 2016-03-18 | CVE-2016-3155 | Information Exposure vulnerability in Siemens Apogee Insight Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. | 3.4 |
| 2016-03-18 | CVE-2016-1994 | Information Exposure vulnerability in HP System Management Homepage HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-03-17 | CVE-2016-1992 | Information Exposure vulnerability in HP products HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-03-13 | CVE-2016-1967 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. | 6.5 |
| 2016-03-13 | CVE-2016-1955 | Information Exposure vulnerability in multiple products Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. | 4.3 |
| 2016-03-12 | CVE-2016-0831 | Information Exposure vulnerability in Google Android The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215. | 5.5 |