Vulnerabilities (CVE)

Filtered by CWE-200
Total 8185 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0358 1 Ibm 1 Sametime 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.
CVE-2017-8532 1 Microsoft 8 Office, Windows 10, Windows 7 and 5 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.
CVE-2017-1000382 1 Vim 1 Vim 2025-04-20 2.1 LOW 5.5 MEDIUM
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
CVE-2017-9701 1 Google 1 Android 2025-04-20 5.0 MEDIUM 7.5 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory.
CVE-2017-0268 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.
CVE-2017-1295 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.
CVE-2017-0459 1 Linux 1 Linux Kernel 2025-04-20 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939.
CVE-2014-8723 1 Get-simple 1 Getsimple Cms 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
CVE-2017-5017 1 Google 1 Chrome 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.
CVE-2017-0096 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 2.3 LOW 2.6 LOW
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
CVE-2016-8926 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.
CVE-2016-0238 1 Ibm 1 Security Guardium 2025-04-20 4.3 MEDIUM 3.7 LOW
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409
CVE-2017-4017 1 Mcafee 1 Network Data Loss Prevention 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.
CVE-2016-1559 2 D-link, Dlink 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more 2025-04-20 2.6 LOW 8.1 HIGH
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.
CVE-2015-2877 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-20 2.1 LOW 3.3 LOW
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities
CVE-2016-6060 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547.
CVE-2017-1422 1 Ibm 1 Maas360 Dtm 2025-04-20 2.1 LOW 3.3 LOW
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
CVE-2016-8401 1 Linux 1 Linux Kernel 2025-04-20 4.3 MEDIUM 4.7 MEDIUM
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725.
CVE-2017-1434 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2025-04-20 2.1 LOW 4.7 MEDIUM
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
CVE-2016-3124 1 Simplesamlphp 1 Simplesamlphp 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors.