Total
7921 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16048 | 1 Node-sqlite Project | 1 Node-sqlite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16047 | 1 Mysqljs Project | 1 Mysqljs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16045 | 1 Jquery.js Project | 1 Jquery.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16024 | 2 Nodejs, Sync-exec Project | 2 Node.js, Sync-exec | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. | |||||
| CVE-2017-15852 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver. | |||||
| CVE-2017-15851 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel | |||||
| CVE-2017-15850 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. | |||||
| CVE-2017-15833 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure. | |||||
| CVE-2017-15814 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2017-15713 | 1 Apache | 1 Hadoop | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. | |||||
| CVE-2017-15709 | 1 Apache | 1 Activemq | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | |||||
| CVE-2017-15696 | 1 Apache | 1 Geode | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code. | |||||
| CVE-2017-15652 | 1 Artifex | 1 Ghostscript | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well. | |||||
| CVE-2017-15518 | 1 Netapp | 2 Oncommand Api Services, Service Level Manager | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required. | |||||
| CVE-2017-15327 | 1 Huawei | 6 S12700, S12700 Firmware, S7700 and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure. | |||||
| CVE-2017-15139 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. | |||||
| CVE-2017-15138 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
| The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | |||||