Total
8185 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0885 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | |||||
| CVE-2017-12079 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | |||||
| CVE-2017-9933 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | |||||
| CVE-2017-8863 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. | |||||
| CVE-2017-14053 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2016-3021 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | |||||
| CVE-2017-1507 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | |||||
| CVE-2017-9605 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. | |||||
| CVE-2016-8727 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. | |||||
| CVE-2014-9970 | 1 Jasypt Project | 1 Jasypt | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| jasypt before 1.9.2 allows a timing attack against the password hash comparison. | |||||
| CVE-2017-2686 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | |||||
| CVE-2017-3240 | 1 Oracle | 1 Database Server | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts). | |||||
| CVE-2017-7138 | 1 Apple | 1 Mac Os X | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner. | |||||
| CVE-2017-16994 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. | |||||
| CVE-2017-5583 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-2981 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 2.1 LOW | 6.8 MEDIUM |
| An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965. | |||||
| CVE-2017-0825 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. | |||||
| CVE-2017-1000226 | 1 Fullworks | 1 Stop User Enumeration | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Stop User Enumeration 1.3.8 allows user enumeration via the REST API | |||||
| CVE-2017-10328 | 1 Oracle | 1 Application Object Library | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-1379 | 1 Ibm | 1 Api Connect | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. | |||||