Total
7938 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9796 | 1 Apache | 1 Geode | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | |||||
| CVE-2017-9795 | 1 Apache | 1 Geode | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution. | |||||
| CVE-2017-9681 | 1 Google | 1 Android | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. | |||||
| CVE-2017-9284 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 4.8 MEDIUM |
| IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | |||||
| CVE-2017-9280 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | |||||
| CVE-2017-9000 | 1 Hp | 1 Arubaos | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise. | |||||
| CVE-2017-8985 | 1 Hp | 1 Xp Storage Hitachi Global Link Manager | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00. | |||||
| CVE-2017-8980 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
| CVE-2017-8978 | 1 Hp | 3 Icewall Mcrp, Icewall Mfa, Icewall Sso | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found. | |||||
| CVE-2017-8970 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-8952 | 1 Hp | 1 Sitescope | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | |||||
| CVE-2017-8951 | 1 Hp | 1 Sitescope | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | |||||
| CVE-2017-8950 | 1 Hp | 1 Sitescope | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | |||||
| CVE-2017-8944 | 1 Hp | 1 Cloud Optimizer | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found. | |||||
| CVE-2017-8761 | 1 Openstack | 1 Swift | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. | |||||
| CVE-2017-8337 | 1 Securifi | 6 Almond, Almond\+, Almond\+firmware and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management if rules, sensors attached to the devices using the websocket requests. | |||||
| CVE-2017-8165 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensitive information leak. | |||||
| CVE-2017-8087 | 1 Avm | 2 Fritz\!box 7490, Fritz\!os | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. | |||||
| CVE-2017-7847 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux Aus and 4 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2. | |||||
| CVE-2017-7844 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. | |||||