Vulnerabilities (CVE)

Filtered by CWE-200
Total 8075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-0647 1 Google 1 Android 2017-07-08 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
CVE-2017-0646 1 Google 1 Android 2017-07-08 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337.
CVE-2017-0645 1 Google 1 Android 2017-07-08 4.3 MEDIUM 5.5 MEDIUM
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.
CVE-2017-0639 1 Google 1 Android 2017-07-08 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991.
CVE-2017-0297 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2017-07-08 1.9 LOW 5.0 MEDIUM
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300.
CVE-2017-0190 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2017-07-08 2.1 LOW 4.4 MEDIUM
The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
CVE-2016-10339 1 Google 1 Android 2017-07-08 5.8 MEDIUM 7.1 HIGH
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.
CVE-2015-9032 1 Google 1 Android 2017-07-08 4.3 MEDIUM 3.3 LOW
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
CVE-2015-9031 1 Google 1 Android 2017-07-08 4.3 MEDIUM 3.3 LOW
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.
CVE-2017-7317 1 Humaxdigital 2 Hg100r, Hg100r Firmware 2017-07-07 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin.
CVE-2017-6706 1 Cisco 1 Prime Collaboration Provisioning 2017-07-07 3.6 LOW 5.1 MEDIUM
A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1.
CVE-2017-6705 1 Cisco 1 Prime Collaboration Provisioning 2017-07-07 2.1 LOW 5.5 MEDIUM
A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1.
CVE-2016-1000214 1 Ruckus 1 Wireless H500 2017-07-07 5.0 MEDIUM 5.3 MEDIUM
Ruckus Wireless H500 web management interface authentication bypass
CVE-2017-7686 1 Apache 1 Ignite 2017-07-06 5.0 MEDIUM 7.5 HIGH
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
CVE-2017-10679 1 Piwigo 1 Piwigo 2017-07-06 5.0 MEDIUM 7.5 HIGH
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.
CVE-2016-6083 1 Ibm 1 Tivoli Monitoring 2017-07-05 5.0 MEDIUM 5.3 MEDIUM
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.
CVE-2016-5045 1 Netapp 1 Oncommand System Manager 2017-07-05 6.8 MEDIUM 8.1 HIGH
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
CVE-2017-9731 1 Yocto Project 1 Yp Core-pyro 2017-07-05 5.0 MEDIUM 7.5 HIGH
In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package.
CVE-2017-8575 1 Microsoft 2 Windows 10, Windows Server 2016 2017-07-03 2.1 LOW 5.5 MEDIUM
The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."
CVE-2017-8554 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2017-07-03 1.9 LOW 4.7 MEDIUM
The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application.