Vulnerabilities (CVE)

Filtered by CWE-200
Total 8274 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-10911 1 Linux 1 Linux Kernel 2024-02-04 4.9 MEDIUM 6.5 MEDIUM
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
CVE-2017-9794 1 Apache 1 Geode 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.
CVE-2017-0297 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2024-02-04 1.9 LOW 5.0 MEDIUM
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300.
CVE-2017-9731 1 Yocto Project 1 Yp Core-pyro 2024-02-04 5.0 MEDIUM 7.5 HIGH
In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package.
CVE-2017-11848 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability".
CVE-2015-0784 1 Novell 1 Zenworks Configuration Management 2024-02-04 5.0 MEDIUM 7.5 HIGH
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
CVE-2014-2029 1 Percona 1 Toolkit 2024-02-04 6.8 MEDIUM 8.1 HIGH
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.
CVE-2015-3454 1 Vulcanjs 1 Vulcan 2024-02-04 5.0 MEDIUM 7.5 HIGH
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.
CVE-2017-1340 1 Ibm 1 Jazz Reporting Service 2024-02-04 4.0 MEDIUM 5.0 MEDIUM
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
CVE-2017-4922 1 Vmware 1 Vcenter Server 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
CVE-2017-9788 6 Apache, Apple, Debian and 3 more 16 Http Server, Mac Os X, Debian Linux and 13 more 2024-02-04 6.4 MEDIUM 9.1 CRITICAL
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
CVE-2017-11790 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
CVE-2017-17476 2 Debian, Otrs 2 Debian Linux, Otrs 2024-02-04 6.8 MEDIUM 8.8 HIGH
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
CVE-2016-0238 1 Ibm 1 Security Guardium 2024-02-04 4.3 MEDIUM 3.7 LOW
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409
CVE-2016-2964 1 Ibm 1 Sametime 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813.
CVE-2017-14821 1 Foxitsoftware 1 Foxit Reader 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013.
CVE-2017-0850 1 Google 1 Android 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.
CVE-2017-10266 1 Oracle 1 Tuxedo 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2015-9231 1 Iterm2 1 Iterm2 2024-02-04 5.0 MEDIUM 7.5 HIGH
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
CVE-2017-7140 1 Apple 1 Iphone Os 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions.