Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8739 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | |||||
| CVE-2017-12855 | 1 Xen | 1 Xen | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. | |||||
| CVE-2017-14053 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2017-14156 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. | |||||
| CVE-2017-12419 | 3 Mantisbt, Mariadb, Mysql | 3 Mantisbt, Mariadb, Mysql | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server. | |||||
| CVE-2017-6697 | 1 Cisco | 1 Elastic Services Controller | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2014-0043 | 1 Apache | 1 Wicket | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use. | |||||
| CVE-2017-15576 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2017-13822 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-8486 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability". | |||||
| CVE-2017-1000100 | 1 Haxx | 1 Libcurl | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS. | |||||
| CVE-2017-10421 | 1 Oracle | 1 Hospitality Suite8 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2015-7732 | 1 Avira | 1 Avira Mobile Security | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. | |||||
| CVE-2017-8643 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. | |||||
| CVE-2017-8668 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability". | |||||
| CVE-2014-6437 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. | |||||
| CVE-2017-6696 | 1 Cisco | 1 Elastic Services Controller | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). | |||||
| CVE-2014-4993 | 2 Backup-agoddard Project, Backup Checksum Project | 2 Backup-agoddard, Backup Checksum | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2017-2309 | 1 Juniper | 1 Junos Space | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk. | |||||
| CVE-2017-9701 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. | |||||