Filtered by CWE-200
Total 9494 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-2624 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 N/A
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
CVE-2017-2622 1 Redhat 1 Openstack 2024-11-21 N/A
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
CVE-2017-2609 1 Jenkins 1 Jenkins 2024-11-21 N/A
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
CVE-2017-2606 1 Jenkins 1 Jenkins 2024-11-21 N/A
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.
CVE-2017-2603 1 Jenkins 1 Jenkins 2024-11-21 N/A
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
CVE-2017-2600 1 Jenkins 1 Jenkins 2024-11-21 N/A
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
CVE-2017-2585 1 Redhat 5 Enterprise Linux Server, Jboss Single Sign On, Keycloak and 2 more 2024-11-21 N/A
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
CVE-2017-2582 1 Redhat 3 Enterprise Linux, Jboss Enterprise Application Platform, Keycloak 2024-11-21 N/A
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
CVE-2017-2493 2 Apple, Microsoft 5 Icloud, Iphone Os, Safari and 2 more 2024-11-21 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.
CVE-2017-20178 1 Codiad 1 Codiad 2024-11-21 3.1 Low
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2017-20007 1 Ingeteam 2 Ingepac Da Au, Ingepac Da Au Firmware 2024-11-21 5.3 Medium
Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device“s web service could exploit this vulnerability in order to obtain different configuration files.
CVE-2017-1785 1 Ibm 1 Api Connect 2024-11-21 N/A
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
CVE-2017-1784 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.
CVE-2017-1774 1 Ibm 1 Security Guardium Big Data Intelligence 2024-11-21 N/A
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818.
CVE-2017-1768 1 Ibm 1 Security Guardium Big Data Intelligence 2024-11-21 N/A
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.
CVE-2017-1765 1 Ibm 2 Business Process Manager, Business Process Manager Enterprise Service Bus 2024-11-21 N/A
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.
CVE-2017-1756 1 Ibm 3 Business Process Manager, Business Process Manager Enterprise Service Bus, Websphere 2024-11-21 N/A
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
CVE-2017-1752 1 Ibm 1 Urbancode Deploy 2024-11-21 N/A
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.
CVE-2017-1743 1 Ibm 1 Websphere Application Server 2024-11-21 N/A
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.
CVE-2017-1741 1 Ibm 1 Websphere Application Server 2024-11-21 N/A
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.