Export limit exceeded: 10362 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10362 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1557 | 1 Netgear | 6 Wnap320, Wnap320 Firmware, Wndap350 and 3 more | 2025-04-20 | N/A |
| Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | ||||
| CVE-2016-1559 | 2 D-link, Dlink | 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more | 2025-04-20 | N/A |
| D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | ||||
| CVE-2016-1561 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2025-04-20 | N/A |
| ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. | ||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | N/A |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | ||||
| CVE-2017-11502 | 1 Cisco | 2 Dpc3928ad Docsis Wireless Router, Dpc3928ad Docsis Wireless Router Firmware | 2025-04-20 | N/A |
| Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. | ||||
| CVE-2017-1148 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | N/A |
| IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. | ||||
| CVE-2017-0068 | 1 Microsoft | 1 Edge | 2025-04-20 | N/A |
| Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065. | ||||
| CVE-2016-1603 | 1 Novell | 1 Netiq Idm Servicenow Driver | 2025-04-20 | N/A |
| An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | ||||
| CVE-2017-11448 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.5 Medium |
| The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | ||||
| CVE-2017-11435 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2025-04-20 | 9.8 Critical |
| The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. | ||||
| CVE-2017-1143 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874. | ||||
| CVE-2017-1142 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874. | ||||
| CVE-2017-1141 | 1 Ibm | 1 Insights Foundation For Energy | 2025-04-20 | N/A |
| IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | ||||
| CVE-2017-11387 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512. | ||||
| CVE-2017-11356 | 1 Pega | 1 Pega Platform | 2025-04-20 | N/A |
| The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control. | ||||
| CVE-2017-11327 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | N/A |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. | ||||
| CVE-2017-11325 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | N/A |
| An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. | ||||
| CVE-2017-1131 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. | ||||
| CVE-2017-11273 | 1 Adobe | 1 Digital Editions | 2025-04-20 | N/A |
| An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | ||||
| CVE-2017-11272 | 1 Adobe | 1 Digital Editions | 2025-04-20 | N/A |
| Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | ||||