Vulnerabilities (CVE)

Filtered by CWE-200
Total 8190 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15537 1 Linux 1 Linux Kernel 2025-04-20 2.1 LOW 5.5 MEDIUM
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
CVE-2017-3118 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments.
CVE-2016-5409 1 Redhat 1 Openshift 2025-04-20 5.0 MEDIUM 7.5 HIGH
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
CVE-2017-0557 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.
CVE-2016-8727 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.
CVE-2017-0698 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458.
CVE-2016-9677 1 Citrix 1 Provisioning Services 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.
CVE-2016-8940 1 Ibm 1 Tivoli Storage Manager 2025-04-20 4.0 MEDIUM 8.8 HIGH
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
CVE-2017-17463 1 Vivo 2 Modem, Modem Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.
CVE-2017-0196 1 Microsoft 1 Edge 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2017-14822 1 Foxitsoftware 1 Foxit Reader 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014.
CVE-2016-8461 1 Linux 1 Linux Kernel 2025-04-20 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621.
CVE-2017-0126 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128.
CVE-2017-0287 1 Microsoft 8 Office, Windows 10, Windows 7 and 5 more 2025-04-20 1.9 LOW 5.0 MEDIUM
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.
CVE-2017-0128 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127.
CVE-2017-5866 1 Owncloud 1 Owncloud 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2017-0452 1 Linux 1 Linux Kernel 2025-04-20 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693.
CVE-2017-11927 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".
CVE-2017-8486 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 1.9 LOW 4.7 MEDIUM
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability".
CVE-2016-8230 1 Lenovo 1 Lenovo Service Bridge 2025-04-20 5.0 MEDIUM 7.5 HIGH
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.