Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2015-12-30 CVE-2015-7248 Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
network
low complexity
zte CWE-200
7.5
2015-12-29 CVE-2015-5330 Information Exposure vulnerability in Samba
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
network
low complexity
samba CWE-200
7.5
2015-12-29 CVE-2015-5299 Information Exposure vulnerability in multiple products
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
network
low complexity
samba debian canonical CWE-200
5.3
2015-12-28 CVE-2015-6852 Information Exposure vulnerability in EMC Secure Remote Services 3.0/3.02/3.03
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
network
low complexity
emc CWE-200
4.3
2015-12-28 CVE-2015-8569 Information Exposure vulnerability in Linux Kernel
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
local
low complexity
linux CWE-200
2.3
2015-12-28 CVE-2015-8374 Information Exposure vulnerability in Linux Kernel
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
local
low complexity
linux CWE-200
4.0
2015-12-28 CVE-2015-7885 Information Exposure vulnerability in Linux Kernel
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
local
low complexity
linux CWE-200
2.3
2015-12-28 CVE-2015-7884 Information Exposure vulnerability in Linux Kernel
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
local
low complexity
linux CWE-200
2.3
2015-12-27 CVE-2015-7665 Information Exposure vulnerability in Tails Project Tails 1.6
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command.
network
low complexity
tails-project CWE-200
5.3
2015-12-27 CVE-2015-8253 Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network.
network
high complexity
rsi-video-technologies CWE-200
3.7