Search Results (10828 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8532 1 Microsoft 8 Office, Windows 10, Windows 7 and 5 more 2025-04-20 N/A
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.
CVE-2017-8533 1 Microsoft 8 Office, Windows 10, Windows 7 and 5 more 2025-04-20 N/A
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.
CVE-2017-8534 1 Microsoft 3 Office, Windows 7, Windows Server 2008 2025-04-20 N/A
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.
CVE-2017-9134 1 Mimosa 2 Backhaul Radios, Client Radios 2025-04-20 N/A
An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number.
CVE-2017-9149 1 Metadata Anonymisation Toolkit Project 1 Metadata Anonymisation Toolkit 2025-04-20 N/A
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
CVE-2017-9150 1 Linux 1 Linux Kernel 2025-04-20 N/A
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
CVE-2017-9245 1 Google 1 News And Weather 2025-04-20 N/A
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
CVE-2017-9812 1 Kaspersky 1 Anti-virus For Linux Server 2025-04-20 N/A
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
CVE-2017-9858 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2025-04-20 N/A
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2017-9862 1 Sma 1 Sunny Explorer 2025-04-20 N/A
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2017-9868 2 Debian, Eclipse 2 Debian Linux, Mosquitto 2025-04-20 N/A
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
CVE-2017-9933 1 Joomla 1 Joomla\! 2025-04-20 N/A
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVE-2017-9960 1 Schneider-electric 1 U.motion Builder 2025-04-20 N/A
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.
CVE-2017-9978 1 Osnexus 1 Quantastor 2025-04-20 N/A
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
CVE-2017-9993 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2025-04-20 N/A
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
CVE-2017-5995 1 Netapp 1 Ontap Select Deploy Administration Utility 2025-04-20 7.5 High
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-1257 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.
CVE-2017-1261 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
CVE-2017-12616 2 Apache, Redhat 2 Tomcat, Jboss Enterprise Web Server 2025-04-20 N/A
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
CVE-2017-12625 1 Apache 1 Hive 2025-04-20 N/A
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.