Vulnerabilities (CVE)

Filtered by CWE-200
Total 8125 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3021 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 4.0 MEDIUM 2.7 LOW
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
CVE-2017-8677 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 2.1 LOW 5.5 MEDIUM
The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.
CVE-2017-0400 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034.
CVE-2017-0626 1 Linux 1 Linux Kernel 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.
CVE-2017-1148 1 Ibm 1 Openpages Grc Platform 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
CVE-2015-1828 1 Http.rb Project 1 Http.rb 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.
CVE-2016-4341 1 Netapp 1 Clustered Data Ontap 2025-04-20 5.0 MEDIUM 7.5 HIGH
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
CVE-2016-7624 1 Apple 1 Mac Os X 2025-04-20 2.1 LOW 3.3 LOW
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
CVE-2017-8533 1 Microsoft 8 Office, Windows 10, Windows 7 and 5 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.
CVE-2015-5069 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
CVE-2017-16584 1 Foxitsoftware 1 Foxit Reader 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290.
CVE-2015-2826 1 Simple Ads Manager Project 1 Simple Ads Manager 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
CVE-2017-5995 1 Netapp 1 Ontap Select Deploy Administration Utility 2025-04-20 5.0 MEDIUM 7.5 HIGH
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-1226 1 Ibm 1 Bigfix Platform 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905.
CVE-2017-0121 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.
CVE-2016-3086 1 Apache 1 Hadoop 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
CVE-2017-0117 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.
CVE-2016-10073 1 Vanillaforums 1 Vanilla 2025-04-20 5.0 MEDIUM 7.5 HIGH
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
CVE-2017-13836 1 Apple 1 Mac Os X 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-2328 1 Juniper 1 Northstar Controller 2025-04-20 2.1 LOW 5.5 MEDIUM
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.