Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3935 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type. | |||||
| CVE-2017-10093 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-10324 | 1 Oracle | 1 E-business Suite Technology Stack | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-14085 | 1 Trendmicro | 1 Officescan | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules. | |||||
| CVE-2017-1000087 | 1 Jenkins | 1 Github Branch Source | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. | |||||
| CVE-2014-9483 | 1 Gnu | 1 Emacs | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Emacs 24.4 allows remote attackers to bypass security restrictions. | |||||
| CVE-2017-8712 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-04 | 1.9 LOW | 5.3 MEDIUM |
| The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. | |||||
| CVE-2017-6681 | 1 Cisco | 1 Ultra Services Framework | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-4966 | 3 Debian, Pivotal Software, Vmware | 3 Debian Linux, Rabbitmq, Rabbitmq | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. | |||||
| CVE-2017-8516 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". | |||||
| CVE-2017-3085 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2024-02-04 | 4.3 MEDIUM | 7.4 HIGH |
| Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | |||||
| CVE-2017-17793 | 1 Blogotext Project | 1 Blogotext | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). | |||||
| CVE-2017-10280 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2024-02-04 | 5.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-2165 | 1 Groupsession | 1 Groupsession | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. | |||||
| CVE-2014-9947 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | |||||
| CVE-2017-14269 | 1 Ee | 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. | |||||
| CVE-2017-9797 | 1 Apache | 1 Geode | 2024-02-04 | 5.8 MEDIUM | 6.5 MEDIUM |
| When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster. | |||||
| CVE-2017-1487 | 1 Ibm | 1 Sterling File Gateway | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. | |||||
| CVE-2017-11784 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814. | |||||
| CVE-2017-11939 | 1 Microsoft | 1 Office | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". | |||||