Total: 8276 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5803 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found. | |||||
CVE-2018-4117 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Iphone Os, Itunes and 9 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | |||||
CVE-2016-0351 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. | |||||
CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2018-1135 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. | |||||
CVE-2018-7210 | 1 Idashboards | 1 Idashboards | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts. | |||||
CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-7831 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57. | |||||
CVE-2018-5133 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59. | |||||
CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
CVE-2017-15518 | 1 Netapp | 2 Oncommand Api Services, Service Level Manager | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required. | |||||
CVE-2017-8165 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Successful exploitation may cause a sensitive information leak. | |||||
CVE-2018-8246 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | |||||
CVE-2017-14082 | 1 Trendmicro | 1 Mobile Security | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system. | |||||
CVE-2017-7768 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||
CVE-2018-6672 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | |||||
CVE-2018-3838 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
CVE-2018-1240 | 1 Emc | 1 Vipr Controller | 2024-02-04 | 2.7 LOW | 8.0 HIGH |
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system. | |||||
CVE-2017-1768 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471. | |||||
CVE-2018-5319 | 1 Ravpower | 1 Filehub Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. |