Total
8698 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8707 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2008 and 1 more | 2024-09-17 | N/A |
| The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | ||||
| CVE-2017-12083 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-09-17 | N/A |
| An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. | ||||
| CVE-2009-4333 | 1 Ibm | 1 Db2 | 2024-09-17 | N/A |
| The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | ||||
| CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2024-09-17 | N/A |
| In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | ||||
| CVE-2017-0850 | 1 Google | 1 Android | 2024-09-17 | N/A |
| An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941. | ||||
| CVE-2018-0755 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-09-17 | N/A |
| The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0760, CVE-2018-0761, and CVE-2018-0855. | ||||
| CVE-2017-15236 | 1 Tiandy | 2 Tiandy Ip Camera, Tiandy Ip Camera Firmware | 2024-09-17 | N/A |
| Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt. | ||||
| CVE-2017-1251 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-09-17 | N/A |
| An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | ||||
| CVE-2018-1380 | 1 Ibm | 1 Infosphere Master Data Management | 2024-09-17 | N/A |
| IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077. | ||||
| CVE-2018-1392 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-17 | N/A |
| IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377. | ||||
| CVE-2010-0652 | 1 Microsoft | 1 Internet Explorer | 2024-09-17 | N/A |
| Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. | ||||
| CVE-2012-6459 | 2 Intel, Linux | 2 Connman, Tizen | 2024-09-17 | N/A |
| ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | ||||
| CVE-2018-0899 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-09-17 | N/A |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| CVE-2021-28805 | 1 Qnap | 5 Qss, Qsw-m2108-2c, Qsw-m2108-2s and 2 more | 2024-09-17 | 7.8 High |
| Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408. | ||||
| CVE-2017-0783 | 1 Google | 1 Android | 2024-09-17 | N/A |
| A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. | ||||
| CVE-2018-13391 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-17 | N/A |
| The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. | ||||
| CVE-2015-9236 | 1 Hapijs | 1 Hapi | 2024-09-17 | N/A |
| Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route. | ||||
| CVE-2018-1568 | 1 Ibm | 1 Qradar Incident Forensics | 2024-09-17 | N/A |
| IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118. | ||||
| CVE-2018-13875 | 1 Hdfgroup | 1 Hdf5 | 2024-09-17 | N/A |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c. | ||||
| CVE-2017-2744 | 1 Hp | 1 Support Assistant | 2024-09-17 | N/A |
| The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. | ||||