Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16065 | 1 Openssl.js Project | 1 Openssl.js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2015-7432 | 1 Ibm | 1 Capacity Management Analytics | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861. | |||||
| CVE-2018-4223 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier. | |||||
| CVE-2017-16047 | 1 Mysqljs Project | 1 Mysqljs | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-8952 | 1 Hp | 1 Sitescope | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | |||||
| CVE-2018-3652 | 1 Intel | 34 Atom C, Xeon, Xeon Bronze 3104 and 31 more | 2024-02-04 | 4.6 MEDIUM | 7.6 HIGH |
| Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces. | |||||
| CVE-2018-0761 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0855. | |||||
| CVE-2017-2826 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
| An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability. | |||||
| CVE-2018-6234 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+, Internet Security and 2 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-10732 | 1 Dataiku | 1 Data Science Studio | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. | |||||
| CVE-2018-11037 | 1 Exiv2 | 1 Exiv2 | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. | |||||
| CVE-2018-6293 | 1 Hyland | 1 Saperion Web Client | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Read in Saperion Web Client version 7.5.2 83166. | |||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2018-8123 | 1 Microsoft | 1 Edge | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021. | |||||
| CVE-2018-5436 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. | |||||
| CVE-2014-5028 | 1 Reviewboard | 1 Review Board | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. | |||||
| CVE-2018-10599 | 1 Philips | 36 Avalon Fetal\/maternal Monitors Fm20, Avalon Fetal\/maternal Monitors Fm20 Firmware, Avalon Fetal\/maternal Monitors Fm30 and 33 more | 2024-02-04 | 2.9 LOW | 5.3 MEDIUM |
| IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. | |||||
| CVE-2018-5118 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. | |||||
| CVE-2017-16024 | 2 Nodejs, Sync-exec Project | 2 Node.js, Sync-exec | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. | |||||
| CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | |||||