Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-09 | CVE-2016-1317 | Information Exposure vulnerability in Zyxel Gs1900-10Hp Firmware 2.40 Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. | 4.3 |
| 2016-02-09 | CVE-2016-1316 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. | 5.3 |
| 2016-02-08 | CVE-2015-3251 | Information Exposure vulnerability in Apache Cloudstack 4.4.4/4.5.1 Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | 4.9 |
| 2016-02-08 | CVE-2015-2012 | Information Exposure vulnerability in IBM Websphere MQ The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | 4.0 |
| 2016-02-08 | CVE-2015-8575 | Information Exposure vulnerability in Linux Kernel The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | 4.0 |
| 2016-02-07 | CVE-2016-0811 | Information Exposure vulnerability in Google Android 6.0/6.0.1 Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375. | 7.5 |
| 2016-02-06 | CVE-2015-7915 | Information Exposure vulnerability in Sauter Moduweb Vision 1.5.5 Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 9.8 |
| 2016-02-05 | CVE-2016-0862 | Information Exposure vulnerability in GE Snmp/Web Adapter Firmware 4.7 General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | 6.5 |
| 2016-02-01 | CVE-2016-1728 | Information Exposure vulnerability in Apple Safari The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. | 4.3 |
| 2016-01-31 | CVE-2016-1939 | Information Exposure vulnerability in multiple products Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | 5.3 |