Total
7901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13200 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. | |||||
| CVE-2017-13188 | 1 Google | 1 Android | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786. | |||||
| CVE-2017-13187 | 1 Google | 1 Android | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175. | |||||
| CVE-2017-13185 | 1 Google | 1 Android | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471. | |||||
| CVE-2017-12884 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. | |||||
| CVE-2017-12723 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications. | |||||
| CVE-2017-12697 | 1 Gm | 1 Shanghai Onstar | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server. | |||||
| CVE-2017-12622 | 1 Apache | 1 Geode | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges. | |||||
| CVE-2017-12555 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. | |||||
| CVE-2017-12543 | 1 Hp | 5 Integrated Lights-out, Integrated Lights-out 2 Firmware, Integrated Lights-out 3 Firmware and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. | |||||
| CVE-2017-12173 | 2 Fedoraproject, Redhat | 6 Sssd, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. | |||||
| CVE-2017-12169 | 1 Freeipa | 1 Freeipa | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
| It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability. | |||||
| CVE-2017-12167 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | |||||
| CVE-2017-12163 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 4.8 MEDIUM | 4.1 MEDIUM |
| An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | |||||
| CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2017-12092 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-11635 | 1 - | 1 Wireless Ip Camera 360 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card. | |||||
| CVE-2017-11578 | 1 Blipcare | 2 Wi-fi Blood Pressure Monitor, Wi-fi Blood Pressure Monitor Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is connected to the Blipcare's device wireless network to easily sniff these values using a MITM attack. | |||||
| CVE-2017-11557 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request. | |||||
| CVE-2017-11087 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver. | |||||