Vulnerabilities (CVE)

Filtered by CWE-200
Total 8185 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5262 1 Cambiumnetworks 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more 2025-04-20 7.7 HIGH 8.0 HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
CVE-2017-9487 1 Cisco 4 Dpc3939, Dpc3939 Firmware, Dpc3941t and 1 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover a WAN IPv6 IP address by leveraging knowledge of the CM MAC address.
CVE-2017-0738 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.
CVE-2017-16369 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.
CVE-2016-3732 1 Moodle 1 Moodle 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
CVE-2015-2251 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
CVE-2016-5958 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 5.0 MEDIUM 7.5 HIGH
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information.
CVE-2017-0455 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.8 HIGH
An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755.
CVE-2017-0399 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756.
CVE-2016-5988 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
CVE-2017-1229 1 Ibm 1 Bigfix Platform 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908.
CVE-2015-1323 1 Canonical 1 Ubuntu Linux 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.
CVE-2016-8470 1 Google 1 Android 2025-04-20 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395.
CVE-2017-9491 2 Cisco, Commscope 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
CVE-2017-2304 1 Juniper 7 Ex4300, Ex4600, Junos and 4 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'
CVE-2017-1154 1 Ibm 1 Algo One 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.
CVE-2016-8724 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.
CVE-2017-3130 1 Fortinet 1 Fortios 2025-04-20 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
CVE-2016-6332 1 Mediawiki 1 Mediawiki 2025-04-20 5.0 MEDIUM 7.5 HIGH
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
CVE-2017-0823 1 Google 1 Android 2025-04-20 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.