Export limit exceeded: 10356 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10356 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2380 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | N/A |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. | ||||
| CVE-2017-8860 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | N/A |
| Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request. | ||||
| CVE-2017-8877 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2025-04-20 | N/A |
| ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | ||||
| CVE-2017-16687 | 1 Sap | 1 Hana Database | 2025-04-20 | N/A |
| The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid. | ||||
| CVE-2015-8020 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | N/A |
| Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | ||||
| CVE-2017-8360 | 3 Conexant, Hp, Microsoft | 29 Mictray64, Elite X2 1012 G1, Elitebook 1030 G1 and 26 more | 2025-04-20 | N/A |
| Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. | ||||
| CVE-2017-8281 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | ||||
| CVE-2016-2374 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | N/A |
| An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. | ||||
| CVE-2017-1507 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | N/A |
| IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | ||||
| CVE-2017-8269 | 1 Google | 1 Android | 2025-04-20 | N/A |
| Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. | ||||
| CVE-2017-8258 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. | ||||
| CVE-2017-8254 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | ||||
| CVE-2016-2372 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | N/A |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | ||||
| CVE-2017-8239 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. | ||||
| CVE-2017-3556 | 1 Oracle | 1 Application Object Library | 2025-04-20 | N/A |
| Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2016-2367 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | N/A |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. | ||||
| CVE-2017-8183 | 1 Huawei | 2 Mtk Platform Smart Phone, Mtk Platform Smart Phone Firmware | 2025-04-20 | N/A |
| MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage. | ||||
| CVE-2017-7899 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2025-04-20 | N/A |
| An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval. | ||||
| CVE-2017-3842 | 1 Cisco | 1 Intrusion Prevention System Device Manager | 2025-04-20 | N/A |
| A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7. | ||||
| CVE-2017-15085 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Storage | 2025-04-20 | N/A |
| It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | ||||