Vulnerabilities (CVE)

Filtered by CWE-200
Total 8125 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12295 1 Cisco 1 Webex Meetings Server 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCve65818.
CVE-2017-12872 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
CVE-2016-6122 1 Ibm 1 Kenexa Lms On Cloud 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
CVE-2017-0882 1 Gitlab 1 Gitlab 2025-04-20 4.0 MEDIUM 6.3 MEDIUM
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
CVE-2017-7345 1 Netapp 1 Clustered Data Ontap 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-10319 1 Oracle 1 Hospitality Suite8 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2017-0536 1 Linux 1 Linux Kernel 2025-04-20 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.
CVE-2017-3527 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2017-6778 1 Cisco 1 Ultra Services Platform 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839.
CVE-2017-6691 1 Cisco 1 Elastic Services Controller 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).
CVE-2017-7138 1 Apple 1 Mac Os X 2025-04-20 2.1 LOW 3.3 LOW
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.
CVE-2017-11327 1 Tilde Cms Project 1 Tilde Cms 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.
CVE-2017-10421 1 Oracle 1 Hospitality Suite8 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE-2015-8034 1 Saltstack 1 Salt 2025-04-20 2.1 LOW 3.3 LOW
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2017-11834 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2025-04-20 2.6 LOW 5.3 MEDIUM
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791.
CVE-2017-2318 1 Juniper 1 Northstar Controller 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges.
CVE-2017-11835 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-20 2.1 LOW 5.5 MEDIUM
Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832.
CVE-2017-6275 1 Google 1 Android 2025-04-20 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.
CVE-2017-3194 1 Pandora 1 Pandora 2025-04-20 4.3 MEDIUM 8.1 HIGH
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2014-9951 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.