Total
8278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7844 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. | |||||
| CVE-2018-0763 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-04 | 2.6 LOW | 3.1 LOW |
| Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0839. | |||||
| CVE-2018-0932 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | |||||
| CVE-2017-6426 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842. | |||||
| CVE-2018-1433 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. | |||||
| CVE-2016-0275 | 1 Ibm | 1 Financial Transaction Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows local users to obtain sensitive information via vectors related to cacheable HTTPS responses. | |||||
| CVE-2017-16060 | 1 Babelcli Project | 1 Babelcli | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-1654 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378. | |||||
| CVE-2018-12921 | 1 Electroind | 2 Gaugetech Nexus, Gaugetech Nexus Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | |||||
| CVE-2014-2884 | 1 Truecrypt Project | 1 Truecrypt | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. | |||||
| CVE-2017-1741 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931. | |||||
| CVE-2012-0433 | 1 Crowbar Project | 1 Crowbar | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. | |||||
| CVE-2017-5811 | 1 Hp | 1 Network Automation | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||||
| CVE-2018-6008 | 1 Joomlatag | 1 Jtag Members Directory | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | |||||
| CVE-2017-6910 | 2 Kaazing, Tenefit | 2 Kaazing Gateway, Kaazing Websocket Gateway | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling. | |||||
| CVE-2018-12892 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-02-04 | 6.5 MEDIUM | 9.9 CRITICAL |
| An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line. | |||||
| CVE-2018-7755 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | |||||
| CVE-2015-7401 | 1 Ibm | 1 Curam Social Program Management | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106. | |||||
| CVE-2016-8486 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691. | |||||
| CVE-2018-4138 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||