Search Results (10826 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5347 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.
CVE-2016-10135 1 Lg 1 Lg Mobile 2025-04-20 N/A
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019.
CVE-2017-1125 1 Ibm 1 Cognos Business Intelligence Server 2025-04-20 N/A
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.
CVE-2017-1131 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.
CVE-2017-4017 1 Mcafee 1 Network Data Loss Prevention 2025-04-20 N/A
User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.
CVE-2016-8671 1 Matrixssl 1 Matrixssl 2025-04-20 N/A
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.
CVE-2016-4843 1 Cybozu 1 Mailwise 2025-04-20 N/A
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
CVE-2016-8923 1 Ibm 1 Curam Social Program Management 2025-04-20 N/A
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.
CVE-2016-5014 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
CVE-2017-5182 1 Novell 1 Open Enterprise Server 2025-04-20 N/A
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
CVE-2017-5372 1 Sap 1 Netweaver 2025-04-20 N/A
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.
CVE-2017-7415 1 Atlassian 1 Confluence Server 2025-04-20 N/A
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
CVE-2017-2642 1 Moodle 1 Moodle 2025-04-20 N/A
Moodle 3.x has user fullname disclosure on the user preferences page.
CVE-2017-5223 1 Phpmailer Project 1 Phpmailer 2025-04-20 N/A
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
CVE-2017-13990 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2025-04-20 N/A
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
CVE-2017-5184 1 Microfocus 1 Sentinel 2025-04-20 N/A
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).
CVE-2017-1230 1 Ibm 1 Bigfix Platform 2025-04-20 N/A
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909.
CVE-2017-9858 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2025-04-20 N/A
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2016-6335 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
CVE-2017-8109 1 Saltstack 1 Salt 2025-04-20 N/A
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).