Vulnerabilities (CVE)

Filtered by CWE-200
Total 8186 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3250 1 Apache 1 Directory Ldap Api 2025-04-20 5.0 MEDIUM 7.5 HIGH
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.
CVE-2017-8676 1 Microsoft 14 Live Meeting, Lync, Office and 11 more 2025-04-20 2.1 LOW 3.3 LOW
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
CVE-2015-8251 1 Unify 21 Openscape Desk Phone Ip 35g Eco Hfa, Openscape Desk Phone Ip 35g Eco Sip, Openscape Desk Phone Ip 35g Eco Sip Firmware and 18 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.
CVE-2017-11919 1 Microsoft 10 Chakracore, Edge, Internet Explorer and 7 more 2025-04-20 2.6 LOW 5.3 MEDIUM
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.
CVE-2016-2981 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 2.1 LOW 6.8 MEDIUM
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
CVE-2017-15328 1 Huawei 2 Hg8245h, Hg8245h Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak.
CVE-2017-1261 1 Ibm 1 Security Guardium 2025-04-20 2.1 LOW 3.3 LOW
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
CVE-2017-8474 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2025-04-20 1.9 LOW 5.0 MEDIUM
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
CVE-2017-0426 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236.
CVE-2017-16580 1 Foxitsoftware 1 Foxit Reader 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageField node of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5281.
CVE-2016-1561 1 Exagrid 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
CVE-2016-8407 1 Linux 1 Linux Kernel 2025-04-20 4.3 MEDIUM 4.7 MEDIUM
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656.
CVE-2017-5537 1 Weblate 1 Weblate 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.
CVE-2017-10267 1 Oracle 1 Tuxedo 2025-04-20 5.0 MEDIUM 7.5 HIGH
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2017-13695 1 Linux 1 Linux Kernel 2025-04-20 2.1 LOW 5.5 MEDIUM
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVE-2017-3315 1 Oracle 1 Peoplesoft Enterprise Human Capital Management Eperformance 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM ePerformance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM ePerformance accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
CVE-2017-10373 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-20 5.0 MEDIUM 7.5 HIGH
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Health Center). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2017-3841 1 Cisco 1 Secure Access Control System 2025-04-20 5.0 MEDIUM 7.5 HIGH
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5).
CVE-2017-13143 1 Imagemagick 1 Imagemagick 2025-04-20 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVE-2016-4442 1 Miniprofiler 1 Rack-mini-profiler 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.