Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000383 | 1 Gnu | 1 Emacs | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. | |||||
| CVE-2017-0816 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938. | |||||
| CVE-2017-8035 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation. | |||||
| CVE-2017-15104 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | |||||
| CVE-2015-7846 | 1 Huawei | 14 Ar1200, Ar1200 Firmware, Ar200 and 11 more | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | |||||
| CVE-2017-14943 | 1 Trapezegroup | 1 Transitmaster | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference. | |||||
| CVE-2017-0849 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. | |||||
| CVE-2017-0778 | 1 Google | 1 Android | 2024-02-04 | 7.8 HIGH | 7.1 HIGH |
| A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. | |||||
| CVE-2017-11831 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 4.7 MEDIUM | 4.7 MEDIUM |
| Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880. | |||||
| CVE-2017-2180 | 1 Ipa | 1 Appgoat | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | |||||
| CVE-2017-17734 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | |||||
| CVE-2017-15110 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. | |||||
| CVE-2017-8736 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". | |||||
| CVE-2017-8683 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682. | |||||
| CVE-2017-8492 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2015-2251 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | |||||
| CVE-2017-15098 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. | |||||
| CVE-2015-3642 | 1 Citrix | 3 Netscaler Application Delivery Controller, Netscaler Firmware, Netscaler Gateway | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | |||||
| CVE-2017-6706 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-02-04 | 3.6 LOW | 5.1 MEDIUM |
| A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. | |||||
| CVE-2017-2704 | 1 Huawei | 14 Crowdtest, Hiapp, Hicinema and 11 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. | |||||