CVEs from 2017

- Total: 11,664
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11776 | high | 7.5 | 7.5 | 9y ago | Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." | |||
| CVE-2017-11772 | high | 7.5 | 7.5 | 9y ago | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-15290 | high | 7.5 | 7.5 | 9y ago | Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data… | |||
| CVE-2017-15268 | high | 7.5 | 7.5 | 9y ago | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | |||
| CVE-2017-15286 | high | 7.5 | 7.5 | 9y ago | SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never in… | |||
| CVE-2017-15267 | high | 7.5 | 7.5 | 9y ago | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | |||
| CVE-2017-5722 | high | 7.5 | 7.5 | 9y ago | Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enfo… | |||
| CVE-2017-5721 | high | 7.5 | 7.5 | 9y ago | Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipul… | |||
| CVE-2017-15193 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. | |||
| CVE-2017-15192 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have th… | |||
| CVE-2017-15191 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | |||
| CVE-2017-15190 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. | |||
| CVE-2017-15189 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. | |||
| CVE-2017-9717 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur. | |||
| CVE-2017-9715 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur. | |||
| CVE-2017-11064 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PN… | |||
| CVE-2017-11062 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentia… | |||
| CVE-2017-11061 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer o… | |||
| CVE-2017-11060 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PN… | |||
| CVE-2017-11055 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION c… | |||
| CVE-2017-11054 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can oc… | |||
| CVE-2017-11052 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor comm… | |||
| CVE-2017-11051 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffe… | |||
| CVE-2017-14943 | high | 7.5 | 7.5 | 9y ago | Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is indep… | |||
| CVE-2017-14603 | high | 7.5 | 7.5 | 9y ago | In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allo… | |||
| CVE-2017-14972 | high | 7.5 | 7.5 | 9y ago | InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. | |||
| CVE-2017-15084 | medium | 6.5 | 7.5 | 9y ago | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | |||
| CVE-2017-15079 | high | 7.5 | 7.5 | 9y ago | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | |||
| CVE-2017-9272 | high | 7.5 | 7.5 | 9y ago | The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | |||
| CVE-2017-1002153 | high | 7.5 | 7.5 | 9y ago | Koji blacklisted paths workaround | |||
| CVE-2017-1000254 | high | 7.5 | 7.5 | 9y ago | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory wi… | |||
| CVE-2017-13998 | high | 7.5 | 7.5 | 9y ago | An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. | |||
| CVE-2017-15033 | high | 7.5 | 7.5 | 9y ago | ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. | |||
| CVE-2017-12270 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (… | |||
| CVE-2017-12263 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka… | |||
| CVE-2017-1000118 | high | 7.5 | 7.5 | 9y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core | |||
| CVE-2017-1000115 | high | 7.5 | 7.5 | 9y ago | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository | |||
| CVE-2017-1000108 | high | 7.5 | 7.5 | 9y ago | Jenkins Pipeline: Input Step Plugin | |||
| CVE-2017-1000098 | high | 7.5 | 7.5 | 9y ago | Denial of service when parsing large forms in mime/multipart | |||
| CVE-2017-1000097 | high | 7.5 | 7.5 | 9y ago | Mishandled trust preferences for root certificates on Darwin in crypto/x509 | |||
| CVE-2017-1000092 | high | 7.5 | 7.5 | 9y ago | Cross-Site Request Forgery in Jenkins Git Plugin | |||
| CVE-2017-15011 | high | 7.5 | 7.5 | 9y ago | The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an uns… | |||
| CVE-2017-15010 | high | 7.5 | 7.5 | 9y ago | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie ma… | |||
| CVE-2017-12820 | high | 7.5 | 7.5 | 9y ago | Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | |||
| CVE-2017-12818 | high | 7.5 | 7.5 | 9y ago | Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | |||
| CVE-2017-11122 | high | 7.5 | 7.5 | 9y ago | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. | |||
| CVE-2017-0825 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. | |||
| CVE-2017-0823 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655. | |||
| CVE-2017-0820 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433. | |||
| CVE-2017-0819 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. | |||
| CVE-2017-0818 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671. | |||
| CVE-2017-0817 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430. | |||
| CVE-2017-0814 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140. | |||
| CVE-2017-0813 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. | |||
| CVE-2017-0808 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. | |||
| CVE-2017-8018 | high | 7.5 | 7.5 | 9y ago | EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affec… | |||
| CVE-2017-1569 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | |||
| CVE-2017-14979 | high | 7.5 | 7.5 | 9y ago | Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, re… | |||
| CVE-2017-13704 | high | 7.5 | 7.5 | 9y ago | In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0x… | |||
| CVE-2017-11498 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of se… | |||
| CVE-2017-14977 | high | 7.5 | 7.5 | 9y ago | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to laun… | |||
| CVE-2017-14976 | high | 7.5 | 7.5 | 9y ago | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an at… | |||
| CVE-2017-14975 | high | 7.5 | 7.5 | 9y ago | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch… | |||
| CVE-2017-14797 | high | 7.5 | 7.5 | 9y ago | Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obta… | |||
| CVE-2017-14944 | high | 7.5 | 7.5 | 9y ago | Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | |||
| CVE-2017-14935 | high | 7.5 | 7.5 | 9y ago | Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | |||
| CVE-2017-14929 | high | 7.5 | 7.5 | 9y ago | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilin… | |||
| CVE-2017-9790 | high | 7.5 | 7.5 | 9y ago | Use after free in Apache Mesos | |||
| CVE-2017-7687 | high | 7.5 | 7.5 | 9y ago | Denial of service in Apache Mesos | |||
| CVE-2017-2551 | high | 7.5 | 7.5 | 9y ago | Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | |||
| CVE-2017-1577 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences … | |||
| CVE-2017-14849 | high | 7.5 | 7.5 | 9y ago | Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | |||
| CVE-2017-14841 | medium | 6.5 | 7.5 | 9y ago | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||
| CVE-2017-14766 | high | 7.5 | 7.5 | 9y ago | The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php… | |||
| CVE-2017-14739 | high | 7.5 | 7.5 | 9y ago | The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL P… | |||
| CVE-2017-9962 | high | 7.5 | 7.5 | 9y ago | Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications t… | |||
| CVE-2017-14727 | high | 7.5 | 7.5 | 9y ago | denial of service in weechat | |||
| CVE-2017-14722 | high | 7.5 | 7.5 | 9y ago | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | |||
| CVE-2017-14719 | high | 7.5 | 7.5 | 9y ago | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | |||
| CVE-2017-9281 | high | 7.5 | 7.5 | 9y ago | An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | |||
| CVE-2017-14646 | high | 7.5 | 7.5 | 9y ago | The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in… | |||
| CVE-2017-14629 | high | 7.5 | 7.5 | 9y ago | In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. | |||
| CVE-2017-12219 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload … | |||
| CVE-2017-14616 | high | 7.5 | 7.5 | 9y ago | An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, l… | |||
| CVE-2017-9804 | high | 7.5 | 7.5 | 9y ago | Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used | |||
| CVE-2017-9793 | high | 7.5 | 7.5 | 9y ago | The REST Plugin in Apache Struts is using an outdated XStream library | |||
| CVE-2017-14339 | high | 7.5 | 7.5 | 9y ago | The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage an… | |||
| CVE-2017-12837 | high | 7.5 | 7.5 | 9y ago | Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) v… | |||
| CVE-2017-14581 | high | 7.5 | 7.5 | 9y ago | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | |||
| CVE-2017-10931 | high | 7.5 | 7.5 | 9y ago | The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as syst… | |||
| CVE-2017-12616 | high | 7.5 | 7.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |||
| CVE-2017-9050 | high | 7.5 | 7.5 | 9y ago | Out-of-bounds read in nokogiri | |||
| CVE-2017-9803 | high | 7.5 | 7.5 | 9y ago | Apache Solr Kerberos delegation token functionality flaws | |||
| CVE-2017-14519 | high | 7.5 | 7.5 | 9y ago | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (… | |||
| CVE-2017-14515 | high | 7.5 | 7.5 | 9y ago | Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | |||
| CVE-2017-14514 | high | 7.5 | 7.5 | 9y ago | Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | |||
| CVE-2017-14511 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to … | |||
| CVE-2017-14502 | high | 7.5 | 7.5 | 9y ago | RHEA-2021:1580: libarchive bug fix and enhancement update (Moderate) | |||
| CVE-2017-2299 | high | 7.5 | 7.5 | 9y ago | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_di… | |||
| CVE-2017-10846 | high | 7.5 | 7.5 | 9y ago | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. |