Vulnerabilities (CVE)

Filtered by CWE-200
Total 8185 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14114 1 Rtpproxy 1 Rtpproxy 2025-04-20 6.4 MEDIUM 6.5 MEDIUM
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets.
CVE-2017-8485 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 1.9 LOW 5.0 MEDIUM
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
CVE-2017-6644 1 Cisco 1 Remote Expert Manager 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860.
CVE-2017-1099 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.
CVE-2017-0009 1 Microsoft 1 Internet Explorer 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
CVE-2017-1000143 1 Mahara 1 Mahara 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
CVE-2017-1381 1 Ibm 1 Websphere Application Server 2025-04-20 2.1 LOW 3.3 LOW
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
CVE-2017-8739 1 Microsoft 2 Edge, Windows 10 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
CVE-2015-8378 1 Keepassx Project 1 Keepassx 2025-04-20 5.0 MEDIUM 7.5 HIGH
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.
CVE-2017-11939 1 Microsoft 1 Office 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
CVE-2017-8553 1 Microsoft 5 Windows 8.1, Windows Rt 8.1, Windows Server 2008 and 2 more 2025-04-20 1.9 LOW 4.7 MEDIUM
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability".
CVE-2017-2384 1 Apple 1 Iphone Os 2025-04-20 2.1 LOW 3.3 LOW
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode.
CVE-2017-11356 1 Pega 1 Pega Platform 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
CVE-2017-0627 1 Linux 1 Linux Kernel 2025-04-20 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.
CVE-2017-0628 1 Linux 1 Linux Kernel 2025-04-20 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.
CVE-2013-5653 2 Artifex, Debian 2 Afpl Ghostscript, Debian Linux 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVE-2016-4665 1 Apple 3 Iphone Os, Tvos, Watchos 2025-04-20 4.3 MEDIUM 3.3 LOW
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
CVE-2015-2251 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
CVE-2017-14943 1 Trapezegroup 1 Transitmaster 2025-04-20 5.0 MEDIUM 7.5 HIGH
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference.
CVE-2017-9682 1 Google 1 Android 2025-04-20 2.6 LOW 4.7 MEDIUM
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.