Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-30 | CVE-2016-0867 | Information Exposure vulnerability in Carel Plantvisor Enhanced CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | 7.5 |
| 2016-01-29 | CVE-2015-8792 | Information Exposure vulnerability in multiple products The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. | 5.3 |
| 2016-01-29 | CVE-2015-8791 | Information Exposure vulnerability in Matroska Libebml The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. | 4.3 |
| 2016-01-29 | CVE-2015-8790 | Information Exposure vulnerability in Matroska Libebml The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access. | 4.3 |
| 2016-01-27 | CVE-2015-8618 | Information Exposure vulnerability in multiple products The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. | 7.5 |
| 2016-01-27 | CVE-2015-7488 | Information Exposure vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors. | 5.9 |
| 2016-01-27 | CVE-2015-7487 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. | 4.1 |
| 2016-01-26 | CVE-2016-1490 | Information Exposure vulnerability in Lenovo Shareit 2.5.1.1 The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. | 4.1 |
| 2016-01-25 | CVE-2016-1618 | Information Exposure vulnerability in Google Chrome Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 6.5 |
| 2016-01-25 | CVE-2016-1617 | Information Exposure vulnerability in Google Chrome The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. | 4.3 |