Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-08 | CVE-2015-8575 | Information Exposure vulnerability in Linux Kernel The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | 4.0 |
| 2016-02-07 | CVE-2016-0811 | Information Exposure vulnerability in Google Android 6.0/6.0.1 Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375. | 7.5 |
| 2016-02-06 | CVE-2015-7915 | Information Exposure vulnerability in Sauter Moduweb Vision 1.5.5 Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 9.8 |
| 2016-02-05 | CVE-2016-0862 | Information Exposure vulnerability in GE Snmp/Web Adapter Firmware 4.7 General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | 6.5 |
| 2016-02-01 | CVE-2016-1728 | Information Exposure vulnerability in Apple Safari The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. | 4.3 |
| 2016-01-31 | CVE-2016-1939 | Information Exposure vulnerability in multiple products Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | 5.3 |
| 2016-01-30 | CVE-2016-0867 | Information Exposure vulnerability in Carel Plantvisor Enhanced CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | 7.5 |
| 2016-01-29 | CVE-2015-8792 | Information Exposure vulnerability in multiple products The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. | 5.3 |
| 2016-01-29 | CVE-2015-8791 | Information Exposure vulnerability in Matroska Libebml The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. | 4.3 |
| 2016-01-29 | CVE-2015-8790 | Information Exposure vulnerability in Matroska Libebml The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access. | 4.3 |