Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15850 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. | |||||
| CVE-2017-8662 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652. | |||||
| CVE-2017-0284 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2024-02-04 | 1.9 LOW | 5.0 MEDIUM |
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534. | |||||
| CVE-2015-3250 | 1 Apache | 1 Directory Ldap Api | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. | |||||
| CVE-2017-0286 | 1 Microsoft | 3 Office, Windows 7, Windows Server 2008 | 2024-02-04 | 1.9 LOW | 5.0 MEDIUM |
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | |||||
| CVE-2015-2253 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2024-02-04 | 3.5 LOW | 5.0 MEDIUM |
| The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | |||||
| CVE-2017-8258 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. | |||||
| CVE-2017-1220 | 1 Ibm | 1 Bigfix Platform | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. | |||||
| CVE-2017-13836 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-8863 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. | |||||
| CVE-2017-1000413 | 1 Linaro | 1 Op-tee | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. | |||||
| CVE-2017-8254 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | |||||
| CVE-2017-15198 | 1 Kanboard | 1 Kanboard | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. | |||||
| CVE-2017-9484 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations. | |||||
| CVE-2018-5726 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. | |||||
| CVE-2017-14991 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. | |||||
| CVE-2017-13143 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. | |||||
| CVE-2017-1131 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. | |||||
| CVE-2017-5075 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page. | |||||
| CVE-2017-14240 | 1 Dolibarr | 1 Dolibarr | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. | |||||