CVE Daily
← All tags

Tag: Information Disclosure

All CVEs associated with "Information Disclosure". Page 68/75 • 8949 CVEs.

Subscribe CVEs: RSS for “Information Disclosure”  ·  RSS (High+Critical only)

About “Information Disclosure”

A curated feed of “Information Disclosure”-related CVEs appears below. We currently track 8949 CVEs for this tag (all time). In the last 365 days, 1212 were published. Average CVSS is 6.0 (all time; 6.1 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-125 - Out-of-bounds Read, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-04-13
High

CVE-2017-0361

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-04-12
Medium

CVE-2018-1037

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Stu…

CVSS: 4.3 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2018-1007

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microso…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2018-1000

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This a…

CVSS: 5.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0998

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft E…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2018-0989

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This a…

CVSS: 4.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0987

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability."…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2018-0981

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This a…

CVSS: 5.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0975

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0974

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0973

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0972

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0971

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0970

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0969

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0968

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0964

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V In…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2018-0960

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0957

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V In…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-0950

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Informatio…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2018-0892

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This C…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0887

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
2018-04-11
High

CVE-2018-0018

On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may u…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-15327

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-04-10
Medium

CVE-2018-3838

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-3837

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bou…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-04-09
Low

CVE-2017-2826

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration inf…

CVSS: 3.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-04-05
Medium

CVE-2017-0748

An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-04-04
High

CVE-2018-9275

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosu…

CVSS: 8.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-1421

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vu…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Low

CVE-2017-6426

An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2017-6425

An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-8486

An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-8485

An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2016-10236

An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-10234

An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13269

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13268

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13262

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution pri…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-13261

In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution pr…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-13260

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-13259

In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution pr…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-13258

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-13257

In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no ad…

CVSS: 6.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-13305

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-13304

A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13303

A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13298

A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13297

A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13296

A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13294

A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13290

In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges…

CVSS: 6.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-13275

In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. Us…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-04-03
High

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trig…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2018-03-30
High

CVE-2017-11087

libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading t…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-9681

In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-9144

In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-03-29
High

CVE-2018-1191

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticat…

CVSS: 8.8 CWE: CWE-215 - Insertion of Sensitive Information Into Debugging Code View on NVD
2018-03-27
High

CVE-2018-1266

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application b…

CVSS: 8.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2018-03-21
High

CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaint…

CVSS: 7.2 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2017-0922

Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

CVSS: 7.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2018-03-20
Medium

CVE-2017-17319

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multi…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, w…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-03-16
High

CVE-2017-15833

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to in…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-15814

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_f…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-03-14
Medium

CVE-2018-7496

An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosur…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0941

Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exc…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0939

ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnera…

CVSS: 4.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0932

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0929

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0927

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0926

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2018-0924

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 201…

CVSS: 6.5 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Low

CVE-2018-0919

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Shar…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-0904

The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Win…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0901

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2018-0900

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0899

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0898

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0897

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2018-0896

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0895

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2018-0894

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 4.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-0891

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in W…

CVSS: 4.3 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2018-0888

The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and…

CVSS: 5.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0879

Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2018-0878

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Serv…

CVSS: 3.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2018-0814

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2018-0813

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2018-0811

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
2018-03-13
High

CVE-2018-1000126

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. T…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2018-1000123

Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that…

CVSS: 9.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2018-03-12
Medium

CVE-2017-6288

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A.…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-6287

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. A…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-6285

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A.…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-03-09
Medium

CVE-2017-17328

Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks th…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2017-17323

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2017-17322

Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain p…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-17303

Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC30…

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-03-06
Medium

CVE-2018-5467

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An informa…

CVSS: 6.5 CWE: CWE-598 - Use of HTTP Request With Sensitive Query String View on NVD
High

CVE-2017-6295

NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial…

CVSS: 8.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-6284

NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened enc…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-6283

NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is r…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-6280

NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-03-05
High

CVE-2017-7633

QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-03-02
Medium

CVE-2017-14461

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-02-27
Medium

CVE-2017-16770

File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain…

CVSS: 6.5 CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory View on NVD
2018-02-21
High

CVE-2017-1758

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Ad…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2017-12161

It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious pa…

CVSS: 8.8 CWE: CWE-602 - Client-Side Enforcement of Server-Side Security View on NVD
2018-02-20
Medium

CVE-2018-5477

An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior,…

CVSS: 5.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-02-19
Critical

CVE-2017-16924

Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration polici…

CVSS: 9.8 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
2018-02-15
Medium

CVE-2017-8985

HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-5812

A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2017-5785

A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8531

A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8514

A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-15340

Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0864

SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosur…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-0855

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2018-0853

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office i…

CVSS: 3.3 CWE: CWE-665 - Improper Initialization View on NVD