Search Results (9958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-3107 1 Adobe 1 Experience Manager 2025-04-20 N/A
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
CVE-2017-3154 1 Apache 1 Atlas 2025-04-20 N/A
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
CVE-2017-8924 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
CVE-2015-3454 1 Vulcanjs 1 Vulcan 2025-04-20 N/A
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.
CVE-2017-9149 1 Metadata Anonymisation Toolkit Project 1 Metadata Anonymisation Toolkit 2025-04-20 N/A
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
CVE-2017-7138 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.
CVE-2017-7139 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action.
CVE-2017-7148 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.
CVE-2017-7216 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.
CVE-2017-14653 1 Asp4cms 1 Aspcms 2025-04-20 N/A
member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.
CVE-2017-5496 1 Sawmill 1 Sawmill 2025-04-20 N/A
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
CVE-2016-1559 2 D-link, Dlink 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more 2025-04-20 N/A
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.
CVE-2017-6691 1 Cisco 1 Elastic Services Controller 2025-04-20 N/A
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).
CVE-2017-9812 1 Kaspersky 1 Anti-virus For Linux Server 2025-04-20 N/A
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
CVE-2014-9970 2 Jasypt Project, Redhat 8 Jasypt, Enterprise Linux, Jboss Bpms and 5 more 2025-04-20 N/A
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVE-2017-11850 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2025-04-20 N/A
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
CVE-2017-0267 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2025-04-20 N/A
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.
CVE-2015-7880 1 Drupal 1 Drupal 2025-04-20 N/A
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.
CVE-2016-2971 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.
CVE-2017-1257 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.