Export limit exceeded: 10767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10767 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8477 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007.
CVE-2017-8924 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
CVE-2017-8899 1 Invisioncommunity 1 Invision Power Board 2025-04-20 N/A
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
CVE-2015-8276 1 Eparaksts 2 Edoc-libraries, Eparakstitajs 3 2025-04-20 N/A
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.
CVE-2017-8878 1 Asus 2 Rt-ac1750, Rt-ac1750 Firmware 2025-04-20 N/A
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.
CVE-2017-8865 1 Cognitoys 2 Stemosaur, Stemosaur Firmware 2025-04-20 N/A
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device.
CVE-2017-8863 1 Cohuhd 2 3960hd, 3960hd Firmware 2025-04-20 N/A
Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser.
CVE-2017-11852 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-20 N/A
Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".
CVE-2017-0242 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-20 N/A
An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."
CVE-2017-11939 1 Microsoft 1 Office 2025-04-20 N/A
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
CVE-2017-11919 1 Microsoft 10 Chakracore, Edge, Internet Explorer and 7 more 2025-04-20 N/A
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.
CVE-2017-0625 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.
CVE-2017-0647 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
CVE-2015-4057 1 Dell 1 Vce Vision Intelligent Operations 2025-04-20 7.5 High
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.
CVE-2017-0092 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-20 N/A
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.
CVE-2015-4071 1 Helpdesk Pro Project 1 Helpdesk Pro 2025-04-20 N/A
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
CVE-2017-1193 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.
CVE-2017-15530 1 Symantec 1 Norton Family 2025-04-20 N/A
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.
CVE-2017-11934 1 Microsoft 1 Office 2025-04-20 N/A
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
CVE-2017-1228 1 Ibm 1 Bigfix Platform 2025-04-20 N/A
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907.