Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5378 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | |||||
| CVE-2017-16994 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. | |||||
| CVE-2017-9487 | 1 Cisco | 4 Dpc3939, Dpc3939 Firmware, Dpc3941t and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover a WAN IPv6 IP address by leveraging knowledge of the CM MAC address. | |||||
| CVE-2017-12616 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | |||||
| CVE-2017-1333 | 1 Ibm | 1 Openpages Grc Platform | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. | |||||
| CVE-2017-17776 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. | |||||
| CVE-2017-0793 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
| A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. | |||||
| CVE-2017-13164 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193. | |||||
| CVE-2017-13664 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. | |||||
| CVE-2017-14680 | 1 Zkteco | 1 Zktime Web | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | |||||
| CVE-2017-12315 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-02-04 | 2.1 LOW | 6.0 MEDIUM |
| A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472. | |||||
| CVE-2017-8648 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. | |||||
| CVE-2016-3095 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||||
| CVE-2017-11815 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
| The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". | |||||
| CVE-2015-3634 | 1 Slideshow Project | 1 Slideshow | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. | |||||
| CVE-2017-8592 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass". | |||||
| CVE-2017-1497 | 1 Ibm | 1 Sterling File Gateway | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
| IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | |||||
| CVE-2017-3736 | 1 Openssl | 1 Openssl | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. | |||||
| CVE-2017-5529 | 1 Tibco | 9 Jasperreports Library Community Edition, Jasperreports Library For Activematrix Bpm, Jasperreports Professional and 6 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below). | |||||
| CVE-2017-10373 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Health Center). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||