Total
6670 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8217 | 1 Dell | 1 Bsafe Crypto-j | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601. | |||||
| CVE-2017-10254 | 1 Oracle | 1 Peoplesoft Enterprise Staffing Front Office | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
| Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-3259 | 1 Oracle | 2 Jdk, Jre | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts). | |||||
| CVE-2017-13801 | 1 Apple | 1 Mac Os X | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search. | |||||
| CVE-2016-5509 | 1 Oracle | 1 Flexcube Investor Servicing | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). | |||||
| CVE-2017-7082 | 1 Apple | 1 Mac Os X | 2025-04-20 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts. | |||||
| CVE-2017-0096 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 2.3 LOW | 2.6 LOW |
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." | |||||
| CVE-2016-6349 | 1 Projectatomic | 1 Oci-register-machine | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. | |||||
| CVE-2016-7657 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | |||||
| CVE-2016-6770 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228. | |||||
| CVE-2017-3468 | 1 Oracle | 1 Mysql | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2017-5607 | 1 Splunk | 1 Splunk | 2025-04-20 | 3.5 LOW | 3.5 LOW |
| Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage. | |||||
| CVE-2017-3487 | 1 Oracle | 1 Flexcube Investor Servicing | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2016-4874 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 3.5 LOW |
| Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | |||||
| CVE-2017-0895 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 LOW | 3.5 LOW |
| Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed. | |||||
| CVE-2016-0297 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. | |||||
| CVE-2017-2701 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable. | |||||
| CVE-2017-3589 | 1 Oracle | 1 Connector\/j | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2016-8942 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. | |||||
| CVE-2017-3240 | 1 Oracle | 1 Database Server | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts). | |||||