Search
Total
352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0351 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2018-03-13 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. | |||||
| CVE-2016-0366 | 1 Ibm | 1 Security Privileged Identity Manager | 2018-03-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071. | |||||
| CVE-2018-1392 | 1 Ibm | 1 Financial Transaction Manager | 2018-03-12 | 3.5 LOW | 3.1 LOW |
| IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377. | |||||
| CVE-2018-0763 | 1 Microsoft | 2 Edge, Windows 10 | 2018-03-09 | 2.6 LOW | 3.1 LOW |
| Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0839. | |||||
| CVE-2017-12723 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2018-03-02 | 4.3 MEDIUM | 3.7 LOW |
| A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications. | |||||
| CVE-2017-1681 | 1 Ibm | 1 Liberty | 2018-02-10 | 2.1 LOW | 3.3 LOW |
| IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003. | |||||
| CVE-2017-1478 | 1 Ibm | 2 Security Access Manager, Security Access Manager 9.0 Firmware | 2018-02-01 | 2.1 LOW | 3.3 LOW |
| IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. | |||||
| CVE-2017-17864 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-01-13 | 2.1 LOW | 3.3 LOW |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | |||||
| CVE-2017-1669 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. | |||||
| CVE-2017-15321 | 1 Huawei | 1 Fusionsphere Openstack | 2018-01-05 | 4.3 MEDIUM | 3.7 LOW |
| Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. | |||||
| CVE-2014-9680 | 1 Sudo Project | 1 Sudo | 2018-01-05 | 2.1 LOW | 3.3 LOW |
| sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. | |||||
| CVE-2017-1261 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 2.1 LOW | 3.3 LOW |
| IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. | |||||
| CVE-2017-15897 | 1 Nodejs | 1 Node.js | 2017-12-29 | 4.3 MEDIUM | 3.1 LOW |
| Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. | |||||
| CVE-2017-15530 | 1 Symantec | 1 Norton Family | 2017-12-27 | 2.1 LOW | 3.3 LOW |
| Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. | |||||
| CVE-2017-1353 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 3.5 LOW | 3.5 LOW |
| IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680. | |||||
| CVE-2017-1355 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 4.3 MEDIUM | 3.7 LOW |
| IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682. | |||||
| CVE-2017-1497 | 1 Ibm | 1 Sterling File Gateway | 2017-12-18 | 4.3 MEDIUM | 3.7 LOW |
| IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | |||||
| CVE-2017-2730 | 2 Apple, Huawei | 3 Iphone Os, Hilink, Tech Support | 2017-12-11 | 2.9 LOW | 3.5 LOW |
| HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version. | |||||
| CVE-2017-8118 | 1 Huawei | 1 Uma | 2017-12-08 | 2.1 LOW | 2.3 LOW |
| The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |||||
| CVE-2017-3319 | 1 Oracle | 1 Mysql | 2017-12-08 | 3.5 LOW | 3.1 LOW |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). | |||||
| CVE-2017-11833 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-12-07 | 2.6 LOW | 3.1 LOW |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | |||||
| CVE-2017-11791 | 1 Microsoft | 10 Chakracore, Edge, Internet Explorer and 7 more | 2017-12-07 | 2.6 LOW | 3.1 LOW |
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834. | |||||
| CVE-2017-1088 | 1 Freebsd | 1 Freebsd | 2017-12-02 | 2.1 LOW | 3.3 LOW |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace. | |||||
| CVE-2017-1086 | 1 Freebsd | 1 Freebsd | 2017-12-02 | 2.1 LOW | 3.3 LOW |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace. | |||||
| CVE-2017-13805 | 1 Apple | 1 Iphone Os | 2017-11-28 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state. | |||||
| CVE-2017-13801 | 1 Apple | 1 Mac Os X | 2017-11-27 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search. | |||||
| CVE-2017-1000242 | 1 Jenkins | 1 Git Client | 2017-11-25 | 2.1 LOW | 3.3 LOW |
| Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure | |||||
| CVE-2015-7886 | 1 Netapp | 1 Data Ontap | 2017-11-16 | 4.3 MEDIUM | 3.7 LOW |
| NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors. | |||||
| CVE-2015-8020 | 1 Netapp | 1 Clustered Data Ontap | 2017-11-16 | 4.3 MEDIUM | 3.7 LOW |
| Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | |||||
| CVE-2015-8569 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 1.9 LOW | 2.3 LOW |
| The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | |||||
| CVE-2016-9932 | 1 Xen | 1 Xen | 2017-11-04 | 2.1 LOW | 3.3 LOW |
| CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. | |||||
| CVE-2017-1228 | 1 Ibm | 1 Bigfix Platform | 2017-10-31 | 4.3 MEDIUM | 3.7 LOW |
| IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907. | |||||
| CVE-2017-1211 | 1 Ibm | 1 Daeja Viewone | 2017-10-27 | 1.9 LOW | 2.5 LOW |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851. | |||||
| CVE-2017-7148 | 1 Apple | 1 Iphone Os | 2017-10-26 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable. | |||||
| CVE-2017-7138 | 1 Apple | 1 Mac Os X | 2017-10-26 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner. | |||||
| CVE-2017-7139 | 1 Apple | 1 Iphone Os | 2017-10-26 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action. | |||||
| CVE-2017-7082 | 1 Apple | 1 Mac Os X | 2017-10-26 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts. | |||||
| CVE-2017-10194 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-10-24 | 4.0 MEDIUM | 2.7 LOW |
| Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-1000114 | 1 Jenkins | 1 Datadog | 2017-10-17 | 4.3 MEDIUM | 3.1 LOW |
| The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form. | |||||
| CVE-2017-14772 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2017-10-11 | 2.1 LOW | 3.3 LOW |
| Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts. | |||||
| CVE-2015-5070 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2017-10-10 | 3.5 LOW | 3.1 LOW |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | |||||
| CVE-2015-0238 | 1 Redhat | 1 Openshift | 2017-10-10 | 2.1 LOW | 3.3 LOW |
| selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. | |||||
| CVE-2017-1346 | 1 Ibm | 1 Business Process Manager | 2017-09-28 | 1.9 LOW | 2.5 LOW |
| IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | |||||
| CVE-2015-8224 | 1 Huawei | 2 P8, P8 Firmware | 2017-09-23 | 4.3 MEDIUM | 3.7 LOW |
| Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. | |||||
| CVE-2017-8676 | 1 Microsoft | 14 Live Meeting, Lync, Office and 11 more | 2017-09-21 | 2.1 LOW | 3.3 LOW |
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." | |||||
| CVE-2015-6858 | 1 Hp | 1 Insight Management | 2017-09-13 | 4.3 MEDIUM | 3.7 LOW |
| HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2513 | 1 Djangoproject | 1 Django | 2017-09-08 | 2.6 LOW | 3.1 LOW |
| The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | |||||
| CVE-2016-8016 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 3.5 LOW | 3.4 LOW |
| Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. | |||||
| CVE-2016-2978 | 1 Ibm | 1 Sametime | 2017-09-03 | 2.1 LOW | 3.3 LOW |
| IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938. | |||||
| CVE-2016-2974 | 1 Ibm | 1 Sametime | 2017-09-01 | 2.1 LOW | 3.3 LOW |
| IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934. | |||||