Total
9973 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7317 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2025-04-20 | N/A |
| An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. | ||||
| CVE-2017-0401 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016. | ||||
| CVE-2016-5966 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | N/A |
| IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2017-13822 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | ||||
| CVE-2017-5117 | 5 Debian, Google, Linux and 2 more | 5 Debian Linux, Chrome, Linux Kernel and 2 more | 2025-04-20 | N/A |
| Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2017-5372 | 1 Sap | 1 Netweaver | 2025-04-20 | N/A |
| The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. | ||||
| CVE-2017-5000 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-20 | N/A |
| EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. | ||||
| CVE-2016-6883 | 1 Matrixssl | 1 Matrixssl | 2025-04-20 | N/A |
| MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | ||||
| CVE-2017-5001 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-20 | N/A |
| EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. | ||||
| CVE-2016-7600 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. | ||||
| CVE-2017-1000099 | 1 Haxx | 1 Libcurl | 2025-04-20 | N/A |
| When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. | ||||
| CVE-2017-4986 | 1 Emc | 1 Secure Remote Services | 2025-04-20 | N/A |
| EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. | ||||
| CVE-2017-7531 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 3.3, the course overview block reveals activities in hidden courses. | ||||
| CVE-2017-0895 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | N/A |
| Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed. | ||||
| CVE-2016-6097 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2017-12870 | 1 Simplesamlphp | 1 Simplesamlphp | 2025-04-20 | N/A |
| SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | ||||
| CVE-2017-0288 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2025-04-20 | 5.0 Medium |
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | ||||
| CVE-2017-1381 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | N/A |
| IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. | ||||
| CVE-2017-4977 | 1 Emc | 1 Rsa Archer Security Operations Management | 2025-04-20 | N/A |
| EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. | ||||
| CVE-2017-5011 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. | ||||