Filtered by CWE-200
Total 9490 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-18704 1 Netgear 36 D6220, D6220 Firmware, D6400 and 33 more 2024-11-21 6.5 Medium
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.
CVE-2017-18694 2 Google, Samsung 8 Android, Exynos 5250, Exynos 5260 and 5 more 2024-11-21 5.3 Medium
An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017).
CVE-2017-18687 1 Google 1 Android 2024-11-21 5.3 Medium
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017).
CVE-2017-18686 1 Google 1 Android 2024-11-21 5.3 Medium
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017).
CVE-2017-18643 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017).
CVE-2017-18642 1 Syska 2 Smartlight Rainbow Led Smart Bulb, Smartlight Rainbow Led Smart Bulb Firmware 2024-11-21 6.5 Medium
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks.
CVE-2017-18550 1 Linux 1 Linux Kernel 2024-11-21 N/A
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
CVE-2017-18549 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
CVE-2017-18478 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
CVE-2017-18474 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
CVE-2017-18436 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
CVE-2017-18432 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
CVE-2017-18428 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
CVE-2017-18424 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
CVE-2017-18396 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
CVE-2017-18391 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
CVE-2017-18355 1 Google 1 Rendertron 2024-11-21 N/A
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.
CVE-2017-18345 1 Joomanager Project 1 Joomanager 2024-11-21 N/A
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
CVE-2017-18332 1 Qualcomm 56 Mdm9607, Mdm9607 Firmware, Mdm9635m and 53 more 2024-11-21 N/A
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE-2017-18326 1 Qualcomm 68 Mdm9607, Mdm9607 Firmware, Mdm9615 and 65 more 2024-11-21 N/A
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.