Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-30 | CVE-2016-1199 | Information Exposure vulnerability in Lockon Ec-Cube The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. | 5.3 |
| 2016-04-25 | CVE-2016-1185 | Information Exposure vulnerability in Cybozu Kintone The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. | 2.5 |
| 2016-04-22 | CVE-2016-1595 | Information Exposure vulnerability in Novell Service Desk 7.1 LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter. | 6.5 |
| 2016-04-22 | CVE-2016-1594 | Information Exposure vulnerability in Novell Service Desk 7.1 Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. | 6.5 |
| 2016-04-22 | CVE-2016-3145 | Information Exposure vulnerability in Lexmark Printer Firmware Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. | 4.6 |
| 2016-04-22 | CVE-2016-2304 | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 4.3 |
| 2016-04-22 | CVE-2016-2302 | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | 5.3 |
| 2016-04-21 | CVE-2016-2294 | Information Exposure vulnerability in Accuenergy Acuvim II NET Firmware and Acuvim IIR NET Firmware The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. | 7.5 |
| 2016-04-19 | CVE-2015-7511 | Information Exposure vulnerability in multiple products Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. | 2.0 |
| 2016-04-19 | CVE-2015-1776 | Information Exposure vulnerability in Apache Hadoop Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. | 6.2 |