Total
7938 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7947 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 5.0 MEDIUM | 6.5 MEDIUM |
| NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | |||||
| CVE-2016-7664 | 1 Apple | 1 Iphone Os | 2025-04-20 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component. which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access. | |||||
| CVE-2017-6614 | 1 Cisco | 1 Findit Network Probe | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628. | |||||
| CVE-2017-0558 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274. | |||||
| CVE-2017-6045 | 1 Trihedral | 1 Vtscada | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. | |||||
| CVE-2017-8441 | 1 Elastic | 1 X-pack | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. | |||||
| CVE-2017-0776 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. | |||||
| CVE-2014-9147 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | |||||
| CVE-2017-7455 | 1 Moxa | 1 Mxview | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | |||||
| CVE-2015-6586 | 1 Huawei | 6 Wlan Ac6005, Wlan Ac6005 Firmware, Wlan Ac6605 and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. | |||||
| CVE-2017-3067 | 1 Adobe | 1 Experience Manager Forms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. | |||||
| CVE-2017-11232 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2015-7418 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-20 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. | |||||
| CVE-2016-5006 | 1 Pivotal Software | 2 Cloud Foundry, Cloud Foundry Elastic Runtime | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. | |||||
| CVE-2016-6249 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-04-20 | 2.1 LOW | 5.3 MEDIUM |
| F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. | |||||
| CVE-2017-12083 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. | |||||
| CVE-2017-15198 | 1 Kanboard | 1 Kanboard | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. | |||||
| CVE-2017-5001 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. | |||||
| CVE-2017-1000087 | 1 Jenkins | 1 Github Branch Source | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. | |||||
| CVE-2017-0895 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 LOW | 3.5 LOW |
| Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed. | |||||