Vulnerabilities (CVE)

Filtered by CWE-200
Total 7433 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8469 1 Microsoft 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
CVE-2017-8462 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2024-11-21 1.9 LOW 5.0 MEDIUM
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
CVE-2017-8460 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2024-11-21 4.4 MEDIUM 7.3 HIGH
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability".
CVE-2017-8450 1 Elastic 1 X-pack 2024-11-21 4.0 MEDIUM 7.5 HIGH
X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information.
CVE-2017-8449 1 Elastic 1 X-pack 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.
CVE-2017-8443 1 Elastic 1 Kibana 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.
CVE-2017-8442 1 Elastic 1 X-pack 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.
CVE-2017-8441 1 Elastic 1 X-pack 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
CVE-2017-8360 3 Conexant, Hp, Microsoft 29 Mictray64, Elite X2 1012 G1, Elitebook 1030 G1 and 26 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.
CVE-2017-8337 1 Securifi 6 Almond, Almond\+, Almond\+firmware and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management if rules, sensors attached to the devices using the websocket requests.
CVE-2017-8281 1 Google 1 Android 2024-11-21 2.6 LOW 4.7 MEDIUM
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.
CVE-2017-8269 1 Google 1 Android 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.
CVE-2017-8258 1 Google 1 Android 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.
CVE-2017-8254 1 Google 1 Android 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.
CVE-2017-8239 1 Google 1 Android 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
CVE-2017-8183 1 Huawei 2 Mtk Platform Smart Phone, Mtk Platform Smart Phone Firmware 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage.
CVE-2017-8165 1 Huawei 2 Mate 9, Mate 9 Firmware 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensitive information leak.
CVE-2017-8136 1 Huawei 1 Hedex Lite 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak.
CVE-2017-8130 1 Huawei 1 Uma 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
CVE-2017-8121 1 Huawei 1 Uma 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.