Search Results (10772 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14772 1 Skyboxsecurity 1 Skybox Manager Client Application 2025-04-20 N/A
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
CVE-2017-14775 1 Laravel 1 Laravel 2025-04-20 N/A
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
CVE-2017-15205 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
CVE-2017-15210 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
CVE-2017-1484 1 Ibm 1 Websphere Commerce 2025-04-20 N/A
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.
CVE-2017-1487 1 Ibm 1 Sterling File Gateway 2025-04-20 N/A
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626.
CVE-2016-1556 1 Netgear 12 Wn604, Wn604 Firmware, Wnap320 and 9 more 2025-04-20 N/A
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
CVE-2017-14140 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-20 N/A
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVE-2016-7614 1 Apple 1 Icloud 2025-04-20 N/A
An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the "Windows Security" component. It allows local users to obtain sensitive information from iCloud desktop-client process memory via unspecified vectors.
CVE-2017-0785 1 Google 1 Android 2025-04-20 N/A
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
CVE-2017-15583 1 Hitachienergy 2 Fox515t, Fox515t Firmware 2025-04-20 N/A
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
CVE-2017-8739 1 Microsoft 2 Edge, Windows 10 2025-04-20 N/A
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
CVE-2016-8492 1 Fortinet 1 Fortios 2025-04-20 N/A
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
CVE-2017-9682 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
CVE-2017-16633 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVE-2016-9720 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533.
CVE-2017-17696 1 Techno - Portfolio Management Panel Project 1 Techno - Portfolio Management Panel 2025-04-20 N/A
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.
CVE-2016-9725 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539.
CVE-2017-1538 1 Ibm 1 Financial Transaction Manager 2025-04-20 N/A
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.
CVE-2017-0495 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.