Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10764 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9512 1 Atlassian 2 Crucible, Fisheye 2025-04-20 7.5 High
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
CVE-2017-13143 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVE-2017-13150 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.
CVE-2017-9526 1 Gnupg 1 Libgcrypt 2025-04-20 N/A
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
CVE-2017-13152 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.
CVE-2016-7977 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2025-04-20 N/A
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
CVE-2017-13821 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-13836 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-13852 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.
CVE-2017-3836 1 Cisco 1 Unified Communications Manager 2025-04-20 N/A
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
CVE-2017-14085 1 Trendmicro 1 Officescan 2025-04-20 N/A
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
CVE-2017-9788 6 Apache, Apple, Debian and 3 more 18 Http Server, Mac Os X, Debian Linux and 15 more 2025-04-20 N/A
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
CVE-2017-9797 1 Apache 1 Geode 2025-04-20 N/A
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.
CVE-2017-14140 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-20 N/A
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVE-2017-14327 1 Extremenetworks 1 Extremexos 2025-04-20 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.
CVE-2017-1434 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2025-04-20 N/A
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
CVE-2017-4922 1 Vmware 1 Vcenter Server 2025-04-20 N/A
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
CVE-2017-4923 1 Vmware 1 Vcenter Server 2025-04-20 N/A
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
CVE-2015-3454 1 Vulcanjs 1 Vulcan 2025-04-20 N/A
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.
CVE-2017-4977 1 Emc 1 Rsa Archer Security Operations Management 2025-04-20 N/A
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.