Total
7938 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11835 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | |||||
| CVE-2017-9676 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. | |||||
| CVE-2016-10294 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481. | |||||
| CVE-2017-3556 | 1 Oracle | 1 Application Object Library | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-15700 | 1 Apache | 1 Sling Authentication Service | 2025-04-20 | 4.3 MEDIUM | 8.8 HIGH |
| A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | |||||
| CVE-2016-1603 | 1 Novell | 1 Netiq Idm Servicenow Driver | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | |||||
| CVE-2017-8840 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid. | |||||
| CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
| CVE-2014-8706 | 1 Pluck-cms | 1 Pluck | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | |||||
| CVE-2016-2565 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. | |||||
| CVE-2015-8544 | 1 Netapp | 1 Snapdrive | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-13149 | 1 Google | 1 Android | 2025-04-20 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872. | |||||
| CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | |||||
| CVE-2017-0299 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297. | |||||
| CVE-2017-2730 | 2 Apple, Huawei | 3 Iphone Os, Hilink, Tech Support | 2025-04-20 | 2.9 LOW | 3.5 LOW |
| HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version. | |||||
| CVE-2017-0258 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259. | |||||
| CVE-2017-11435 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. | |||||
| CVE-2017-8554 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. | |||||
| CVE-2017-11776 | 1 Microsoft | 1 Outlook | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." | |||||
| CVE-2017-0060 | 1 Microsoft | 14 Live Meeting, Lync, Office and 11 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062. | |||||