Total: 8269 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6647 | 1 Cisco | 1 Remote Expert Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875. | |||||
CVE-2017-7282 | 1 Unitrends | 1 Enterprise Backup | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). | |||||
CVE-2017-0330 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330. | |||||
CVE-2017-4013 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. | |||||
CVE-2017-2507 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-0632 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915. | |||||
CVE-2016-9680 | 1 Citrix | 1 Provisioning Services | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | |||||
CVE-2017-0398 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. | |||||
CVE-2017-0535 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247. | |||||
CVE-2017-5372 | 1 Sap | 1 Netweaver | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. | |||||
CVE-2016-0382 | 1 Ibm | 1 Tealeaf Consumer Experience | 2024-02-04 | 2.1 LOW | 4.0 MEDIUM |
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. | |||||
CVE-2017-5184 | 1 Microfocus | 1 Sentinel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | |||||
CVE-2017-0556 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952. | |||||
CVE-2014-2960 | 1 Visioncritical | 1 Vision Critical | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. | |||||
CVE-2016-7917 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.3 MEDIUM | 5.0 MEDIUM |
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. | |||||
CVE-2016-2937 | 1 Ibm | 1 Bigfix Remote Control | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability." | |||||
CVE-2016-8722 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | |||||
CVE-2016-1561 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. | |||||
CVE-2016-5988 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | |||||
CVE-2016-6116 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |