Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-17280

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-09 Mar, 2018 | 17:00
Updated At-05 Aug, 2024 | 20:43
Rejected At-
Credits

NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:09 Mar, 2018 | 17:00
Updated At:05 Aug, 2024 | 20:43
Rejected At:
▼CVE Numbering Authority (CNA)

NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei Technologies Co., Ltd.
Product
LON-AL00B
Versions
Affected
  • LON-AL00BC00
Problem Types
TypeCWE IDDescription
textN/Ainformation leak
Type: text
CWE ID: N/A
Description: information leak
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en
x_refsource_CONFIRM
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:09 Mar, 2018 | 17:29
Updated At:27 Mar, 2018 | 17:43

NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.03.5LOW
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary2.02.9LOW
AV:A/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.9
Base severity: LOW
Vector:
AV:A/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>lon-al00b_firmware>>lon-al00bc00
cpe:2.3:o:huawei:lon-al00b_firmware:lon-al00bc00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>lon-al00b>>-
cpe:2.3:h:huawei:lon-al00b:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-enpsirt@huawei.com
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

123Records found
CVE-2024-56443
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 02:37
Updated-13 Jan, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-9082
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-3.5||LOW
EPSS-0.05% / 16.05%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 09:36
Updated-14 Jan, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_20mate_20_firmwareHUAWEI Mate 20
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8757
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-3.3||LOW
EPSS-0.08% / 23.94%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p9_firmwarep9P9 EVA-AL10C00B192 and earlier versions,EVA-DL10C00B192 and earlier versions,EVA-TL10C00B192 and earlier versions,EVA-CL10C00B192 and earlier versions
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6539
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-3.5||LOW
EPSS-0.16% / 37.75%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 21:00
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Action-Not Available
Vendor-thetrackrTrackR
Product-trackrtrackr_firmwareBravo Mobile Application
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.13% / 33.60%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality.

Action-Not Available
Vendor-intuitn/a
Product-quickbooksn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.92%
||
7 Day CHG~0.00%
Published-04 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257.

Action-Not Available
Vendor-babyphonemobilen/a
Product-wifi_baby_monitorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20871
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.82%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 03:05
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message.

Action-Not Available
Vendor-konicaminoltaKONICA MINOLTA, INC.
Product-bizhub_c759_firmwarebizhub_c754ebizhub_c3351_firmwarebizhub_300i_firmwarebizhub_c257i_firmwarebizhub_654bizhub_c3851bizhub_958bizhub_c287i_firmwarebizhub_558e_firmwarebizhub_308bizhub_c658bizhub_284ebizhub_c364ebizhub_360ibizhub_c750ibizhub_754ebizhub_808_firmwarebizhub_458bizhub_c454_firmwarebizhub_c300i_firmwarebizhub_c558bizhub_c364_firmwarebizhub_754bizhub_c554_firmwarebizhub_368_firmwarebizhub_4700i_firmwarebizhub_454e_firmwarebizhub_558_firmwarebizhub_284e_firmwarebizhub_458e_firmwarebizhub_c3350i_firmwarebizhub_c554bizhub_650ibizhub_c3851fs_firmwarebizhub_c650ibizhub_c300ibizhub_c754_firmwarebizhub_246i_firmwarebizhub_368ebizhub_558bizhub_654e_firmwarebizhub_306ibizhub_306i_firmwarebizhub_c3851_firmwarebizhub_4750ibizhub_654ebizhub_c227ibizhub_c3300ibizhub_808bizhub_c4000i_firmwarebizhub_266i_firmwarebizhub_c4050ibizhub_550i_firmwarebizhub_287_firmwarebizhub_558ebizhub_c3350ibizhub_650i_firmwarebizhub_4052bizhub_c554ebizhub_226i_firmwarebizhub_c284_firmwarebizhub_4750i_firmwarebizhub_754e_firmwarebizhub_458_firmwarebizhub_4700ibizhub_450i_firmwarebizhub_c654ebizhub_266ibizhub_c368bizhub_360i_firmwarebizhub_c308bizhub_c287ibizhub_c360ibizhub_300ibizhub_c754bizhub_c3300i_firmwarebizhub_246ibizhub_c224_firmwarebizhub_c3351bizhub_308e_firmwarebizhub_c257ibizhub_c284ebizhub_550ibizhub_c284e_firmwarebizhub_c224e_firmwarebizhub_c759bizhub_c659bizhub_c450i_firmwarebizhub_c287bizhub_c658_firmwarebizhub_c308_firmwarebizhub_c227_firmwarebizhub_c754e_firmwarebizhub_c659_firmwarebizhub_c454ebizhub_c450ibizhub_c284bizhub_654_firmwarebizhub_c3320i_firmwarebizhub_287bizhub_368bizhub_750i_firmwarebizhub_750ibizhub_4050i_firmwarebizhub_308_firmwarebizhub_4752bizhub_c654bizhub_c458bizhub_c558_firmwarebizhub_758bizhub_c4050i_firmwarebizhub_4752_firmwarebizhub_c550ibizhub_c750i_firmwarebizhub_c3851fsbizhub_c227i_firmwarebizhub_c364e_firmwarebizhub_958_firmwarebizhub_227_firmwarebizhub_c224bizhub_c258bizhub_c554e_firmwarebizhub_c250i_firmwarebizhub_450ibizhub_c650i_firmwarebizhub_c550i_firmwarebizhub_658ebizhub_c458_firmwarebizhub_4052_firmwarebizhub_c368_firmwarebizhub_454ebizhub_c360i_firmwarebizhub_368e_firmwarebizhub_c224ebizhub_c454bizhub_4050ibizhub_226ibizhub_554ebizhub_c364bizhub_c250ibizhub_364e_firmwarebizhub_224ebizhub_c4000ibizhub_458ebizhub_554e_firmwarebizhub_758_firmwarebizhub_c3320ibizhub_364ebizhub_c287_firmwarebizhub_224e_firmwarebizhub_754_firmwarebizhub_c654e_firmwarebizhub_c258_firmwarebizhub_c454e_firmwarebizhub_227bizhub_c654_firmwarebizhub_c227bizhub_658e_firmwarebizhub_308ebizhub series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2509
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.07%
||
7 Day CHG~0.00%
Published-18 Feb, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

Action-Not Available
Vendor-beldenn/a
Product-hirschmann_l2ehirschmann_l2bhirschmann_l3phirschmann_l2phirschmann_firmwarehirschmann_l3en/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20869
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.85%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 03:05
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.

Action-Not Available
Vendor-konicaminoltaKONICA MINOLTA, INC.
Product-bizhub_c759_firmwarebizhub_c754ebizhub_c3351_firmwarebizhub_300i_firmwarebizhub_c257i_firmwarebizhub_654bizhub_c3851bizhub_958bizhub_c287i_firmwarebizhub_558e_firmwarebizhub_308bizhub_c658bizhub_284ebizhub_c364ebizhub_360ibizhub_c750ibizhub_754ebizhub_808_firmwarebizhub_458bizhub_c454_firmwarebizhub_c300i_firmwarebizhub_c558bizhub_c364_firmwarebizhub_754bizhub_c554_firmwarebizhub_368_firmwarebizhub_4700i_firmwarebizhub_454e_firmwarebizhub_558_firmwarebizhub_284e_firmwarebizhub_458e_firmwarebizhub_c3350i_firmwarebizhub_c554bizhub_650ibizhub_c3851fs_firmwarebizhub_c650ibizhub_c300ibizhub_c754_firmwarebizhub_246i_firmwarebizhub_368ebizhub_558bizhub_654e_firmwarebizhub_306ibizhub_306i_firmwarebizhub_c3851_firmwarebizhub_4750ibizhub_654ebizhub_c227ibizhub_c3300ibizhub_808bizhub_c4000i_firmwarebizhub_266i_firmwarebizhub_c4050ibizhub_550i_firmwarebizhub_287_firmwarebizhub_558ebizhub_c3350ibizhub_650i_firmwarebizhub_4052bizhub_c554ebizhub_226i_firmwarebizhub_c284_firmwarebizhub_4750i_firmwarebizhub_754e_firmwarebizhub_458_firmwarebizhub_4700ibizhub_450i_firmwarebizhub_c654ebizhub_266ibizhub_c368bizhub_360i_firmwarebizhub_c308bizhub_c287ibizhub_c360ibizhub_300ibizhub_c754bizhub_c3300i_firmwarebizhub_246ibizhub_c224_firmwarebizhub_c3351bizhub_308e_firmwarebizhub_c257ibizhub_c284ebizhub_550ibizhub_c284e_firmwarebizhub_c224e_firmwarebizhub_c759bizhub_c659bizhub_c450i_firmwarebizhub_c287bizhub_c658_firmwarebizhub_c308_firmwarebizhub_c227_firmwarebizhub_c754e_firmwarebizhub_c659_firmwarebizhub_c454ebizhub_c450ibizhub_c284bizhub_654_firmwarebizhub_c3320i_firmwarebizhub_287bizhub_368bizhub_750i_firmwarebizhub_750ibizhub_4050i_firmwarebizhub_308_firmwarebizhub_4752bizhub_c654bizhub_c458bizhub_c558_firmwarebizhub_758bizhub_c4050i_firmwarebizhub_4752_firmwarebizhub_c550ibizhub_c750i_firmwarebizhub_c3851fsbizhub_c227i_firmwarebizhub_c364e_firmwarebizhub_958_firmwarebizhub_227_firmwarebizhub_c224bizhub_c258bizhub_c554e_firmwarebizhub_c250i_firmwarebizhub_450ibizhub_c650i_firmwarebizhub_c550i_firmwarebizhub_658ebizhub_c458_firmwarebizhub_4052_firmwarebizhub_c368_firmwarebizhub_454ebizhub_c360i_firmwarebizhub_368e_firmwarebizhub_c224ebizhub_c454bizhub_4050ibizhub_226ibizhub_554ebizhub_c364bizhub_c250ibizhub_364e_firmwarebizhub_224ebizhub_c4000ibizhub_458ebizhub_554e_firmwarebizhub_758_firmwarebizhub_c3320ibizhub_364ebizhub_c287_firmwarebizhub_224e_firmwarebizhub_754_firmwarebizhub_c654e_firmwarebizhub_c258_firmwarebizhub_c454e_firmwarebizhub_227bizhub_c654_firmwarebizhub_c227bizhub_658e_firmwarebizhub_308ebizhub series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6641
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.1||LOW
EPSS-0.07% / 20.58%
||
7 Day CHG~0.00%
Published-06 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1059
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 48.81%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 18:00
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Action-Not Available
Vendor-dpdkCanonical Ltd.Red Hat, Inc.
Product-ceph_storageubuntu_linuxenterprise_linux_fast_datapathvirtualizationvirtualization_manageropenshiftopenstackenterprise_linuxdata_plane_development_kitDPDK
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4961
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.6||LOW
EPSS-0.10% / 27.64%
||
7 Day CHG~0.00%
Published-24 Nov, 2016 | 19:41
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tealeaf_customer_experiencen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.63% / 69.47%
||
7 Day CHG~0.00%
Published-28 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Action-Not Available
Vendor-n/aopenSUSESUSEXen ProjectFedora ProjectDebian GNU/Linux
Product-fedoraopensusesuse_linux_enterprise_serverlinux_enterprise_desktopsuse_linux_enterprise_desktopxendebian_linuxsuse_linux_enterprise_software_development_kitlinux_enterprise_software_development_kitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-10599
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.94%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.

Action-Not Available
Vendor-ICS-CERTPhilips
Product-intellivue_np90_firmwareavalon_fetal\/maternal_monitors_fm50_firmwareintellivue_mp50_firmwareintellivue_mx800intellivue_mx100_firmwareavalon_fetal\/maternal_monitors_fm40_firmwareavalon_fetal\/maternal_monitors_fm20intellivue_mx700intellivue_mx550_firmwareintellivue_mx800_firmwareintellivue_mx400_firmwareintellivue_mx450intellivue_mp30intellivue_mx700_firmwareintellivue_mp30_firmwareintellivue_mp2avalon_fetal\/maternal_monitors_fm30_firmwareintellivue_x2_firmwareintellivue_np90intellivue_mp70_firmwareavalon_fetal\/maternal_monitors_fm50intellivue_mx500intellivue_mp70intellivue_x3intellivue_mp2_firmwareavalon_fetal\/maternal_monitors_fm20_firmwareintellivue_mp50intellivue_x2avalon_fetal\/maternal_monitors_fm30intellivue_mx450_firmwareintellivue_mx100intellivue_x3_firmwareavalon_fetal\/maternal_monitors_fm40intellivue_mx500_firmwareintellivue_mx550intellivue_mx400IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4750
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-20 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.

Action-Not Available
Vendor-n/aIBM Corporation
Product-powervcn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3984
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.11% / 30.06%
||
7 Day CHG~0.00%
Published-26 May, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sametimen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4856
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-25 Oct, 2019 | 15:44
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L has Information Disclosure.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-16673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.42%
||
7 Day CHG~0.00%
Published-09 Nov, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."

Action-Not Available
Vendor-datton/a
Product-backup_agentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1615
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-2.9||LOW
EPSS-0.11% / 30.77%
||
7 Day CHG~0.00%
Published-08 Jul, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-security_information_managersecurity_information_manager_appliancen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0043
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-5.99% / 90.33%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2012windows_10windows_server_2016Active Directory Federation Services
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6026
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.54%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_secure_proxyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0570
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.32%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 21:00
Updated-06 Aug, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.

Action-Not Available
Vendor-n/aIBM Corporation
Product-network_operating_systemflex_system_fabric_cn4093rackswitch_g8124-erflex_system_si4093_rackswitch_g8264rackswitch_g8264-trackswitch_g8264csvirtual_fabricrackswitch_g8124-erackswitch_g8316rackswitch_g8124flex_system_fabric_en4093n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-1945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.19% / 41.35%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeythunderbirdthunderbird_esrn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found