Vulnerabilities (CVE)

Filtered by CWE-200
Total 8056 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7995 3 Novell, Suse, Xen 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more 2025-04-20 1.7 LOW 3.8 LOW
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
CVE-2016-9772 1 Openafs 1 Openafs 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
CVE-2017-0289 1 Microsoft 8 Office, Windows 10, Windows 7 and 5 more 2025-04-20 1.9 LOW 5.0 MEDIUM
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.
CVE-2017-10197 1 Oracle 1 Hospitality Opera 5 Property Services 2025-04-20 2.1 LOW 4.6 MEDIUM
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Folios). The supported version that is affected is 5.4.2.x through 5.5.1.x. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2017-6647 1 Cisco 1 Remote Expert Manager 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875.
CVE-2017-0814 1 Google 1 Android 2025-04-20 7.8 HIGH 7.5 HIGH
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.
CVE-2017-0879 1 Google 1 Android 2025-04-20 8.5 HIGH 9.1 CRITICAL
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.
CVE-2015-8034 1 Saltstack 1 Salt 2025-04-20 2.1 LOW 3.3 LOW
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2016-9736 1 Ibm 1 Websphere Application Server 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.
CVE-2016-7608 1 Apple 1 Mac Os X 2025-04-20 2.1 LOW 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.
CVE-2017-10334 1 Oracle 1 Weblogic Server 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2017-3797 1 Cisco 1 Webex Meetings Server 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7.
CVE-2017-10084 1 Oracle 1 Flexcube Universal Banking 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Report Generator). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE-2017-0288 1 Microsoft 8 Office, Windows 10, Windows 7 and 5 more 2025-04-20 1.9 LOW 5.0 MEDIUM
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.
CVE-2017-0388 1 Google 1 Android 2025-04-20 2.1 LOW 5.5 MEDIUM
An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490.
CVE-2017-14955 1 Checkmk 1 Checkmk 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
CVE-2016-0307 1 Ibm 1 Connections 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
CVE-2016-9165 1 Ca 2 Unified Infrastructure Management, Unified Infrastructure Management Snap 2025-04-20 5.0 MEDIUM 7.5 HIGH
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
CVE-2016-9983 1 Ibm 1 Sterling B2b Integrator 2025-04-20 3.5 LOW 5.3 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275.
CVE-2017-13821 1 Apple 1 Mac Os X 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.