Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8118 | 1 Huawei | 1 Uma | 2024-02-04 | 2.1 LOW | 2.3 LOW |
| The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |||||
| CVE-2017-12079 | 1 Synology | 1 Photo Station | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | |||||
| CVE-2016-2970 | 1 Ibm | 1 Sametime | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | |||||
| CVE-2017-1669 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. | |||||
| CVE-2017-7148 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable. | |||||
| CVE-2017-13810 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters. | |||||
| CVE-2017-8544 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". | |||||
| CVE-2017-13693 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | |||||
| CVE-2015-3614 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | |||||
| CVE-2017-10356 | 1 Oracle | 2 Jdk, Jre | 2024-02-04 | 2.1 LOW | 6.2 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-5201 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
| NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | |||||
| CVE-2017-17104 | 1 Fiyo | 1 Fiyo Cms | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | |||||
| CVE-2017-7139 | 1 Apple | 1 Iphone Os | 2024-02-04 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action. | |||||
| CVE-2017-3892 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | |||||
| CVE-2017-0709 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
| A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048. | |||||
| CVE-2016-10702 | 1 Pebble | 2 Pebble, Pebble Firmware | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. | |||||
| CVE-2017-7113 | 1 Apple | 1 Iphone Os | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event. | |||||
| CVE-2017-1478 | 1 Ibm | 2 Security Access Manager, Security Access Manager 9.0 Firmware | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. | |||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | |||||
| CVE-2017-17926 | 1 Ordermanagementscript | 1 Professional Service Script | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | |||||