Search Results (10766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4613 1 Apple 4 Apple Tv, Icloud, Itunes and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2017-6076 1 Wolfssl 1 Wolfssl 2025-04-20 N/A
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
CVE-2017-1000114 1 Jenkins 1 Datadog 2025-04-20 N/A
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.
CVE-2017-11791 1 Microsoft 10 Chakracore, Edge, Internet Explorer and 7 more 2025-04-20 N/A
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.
CVE-2017-1000108 1 Jenkins 1 Pipeline-input-step 2025-04-20 N/A
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
CVE-2017-1214 1 Ibm 1 Inotes 2025-04-20 N/A
IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.
CVE-2015-9032 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
CVE-2017-1497 1 Ibm 1 Sterling File Gateway 2025-04-20 N/A
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695.
CVE-2017-14991 1 Linux 1 Linux Kernel 2025-04-20 N/A
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
CVE-2016-9349 1 Advantech 1 Susiaccess 2025-04-20 N/A
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.
CVE-2017-1000099 1 Haxx 1 Libcurl 2025-04-20 N/A
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.
CVE-2017-14954 1 Linux 1 Linux Kernel 2025-04-20 N/A
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
CVE-2017-1000094 1 Jenkins 1 Docker Commons 2025-04-20 N/A
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
CVE-2017-1507 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 N/A
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
CVE-2017-15589 1 Xen 1 Xen 2025-04-20 N/A
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2017-15085 1 Redhat 3 Enterprise Linux, Gluster Storage, Storage 2025-04-20 N/A
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2016-9748 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2025-04-20 N/A
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.
CVE-2017-0792 1 Google 1 Android 2025-04-20 N/A
A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.
CVE-2017-0779 1 Google 1 Android 2025-04-20 N/A
A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117.
CVE-2017-0777 1 Google 1 Android 2025-04-20 N/A
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.