CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 73/75 • 8949 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-03-08
Medium

CVE-2017-0459

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-0455

An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0452

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0336

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it cou…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0334

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it cou…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8483

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8478

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8477

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8416

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8413

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-03-03
High

CVE-2016-3127

An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2015-2877

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-23
High

CVE-2017-6206

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated I…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-21
High

CVE-2016-9314

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-15
High

CVE-2017-2981

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-2980

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-2979

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-2978

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-2977

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-2976

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-2975

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-2974

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2017-02-13
Critical

CVE-2017-5166

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure thr…

CVSS: 7.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2016-9349

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-5813

An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-08
Medium

CVE-2015-7493

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0451

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0448

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0426

An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0425

An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0424

An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0421

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications.…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0420

An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issu…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0414

An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0413

An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8414

An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issu…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-03
Medium

CVE-2016-6648

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi…

CVSS: 4.4 CWE: CWE-275 View on NVD
Medium

CVE-2016-0890

EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploite…

CVSS: 6.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-01
Medium

CVE-2016-8982

IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer hea…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2016-6001

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

CVSS: 3.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Low

CVE-2016-3045

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer he…

CVSS: 3.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-01-23
High

CVE-2017-5182

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total info…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2017-5556

The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and a…

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2016-10104

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP…

CVSS: 5.9 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
High

CVE-2016-10103

Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for G…

CVSS: 8.1 CWE: CWE-255 View on NVD
High

CVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Pa…

CVSS: 8.1 CWE: CWE-255 View on NVD
2017-01-13
Medium

CVE-2017-0398

An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-3130

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an…

CVSS: 8.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-10140

Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker t…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-01-12
Medium

CVE-2017-0402

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels.…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0401

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0400

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels.…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0399

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0397

An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-0396

An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. Thi…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-0381

An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is ra…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2016-8475

An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8474

An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate be…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8473

An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate be…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8472

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8471

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8470

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8469

An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it fir…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8462

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8461

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8460

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8410

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8409

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8408

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8407

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8406

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8405

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8404

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8403

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8402

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8401

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8400

An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Modera…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8397

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8396

An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6774

An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Thi…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6773

An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6757

An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6756

An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-01-11
Low

CVE-2015-8020

Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.

CVSS: 3.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-01-06
Medium

CVE-2016-8334

A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory…

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2017-01-03
Critical

CVE-2016-10105

admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-12-22
High

CVE-2016-9181

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could c…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2016-7091

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclos…

CVSS: 4.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-12-20
Medium

CVE-2016-7295

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7291

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow r…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2016-7290

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow r…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2016-7284

Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7282

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Mi…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2016-7280

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerabi…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2016-7278

Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosu…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7276

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2016-7270

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain se…

CVSS: 7.5 CWE: CWE-310 View on NVD
High

CVE-2016-7268

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 201…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2016-7265

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2016-7264

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2016-7258

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes v…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7257

The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive informati…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7219

The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-7206

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerabi…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2016-12-16
Medium

CVE-2016-8827

NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter valid…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2016-8820

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potenti…

CVSS: 6.1 CWE: CWE-20 - Improper Input Validation View on NVD
2016-12-15
High

CVE-2016-7889

Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-7887

Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-12-13
Medium

CVE-2016-6722

An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could en…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6720

An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could en…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-11-25
Medium

CVE-2016-6753

An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious applic…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6752

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6751

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6750

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6749

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6748

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6746

An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6721

An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission l…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6710

An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious appl…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD