Total
8267 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3315 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Eperformance | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM ePerformance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM ePerformance accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). | |||||
| CVE-2016-3021 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | |||||
| CVE-2017-0533 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206. | |||||
| CVE-2017-0328 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328. | |||||
| CVE-2017-0336 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336. | |||||
| CVE-2017-0396 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965. | |||||
| CVE-2017-3841 | 1 Cisco | 1 Secure Access Control System | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). | |||||
| CVE-2017-0245 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Server 2012 | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
| The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability." | |||||
| CVE-2016-6313 | 3 Canonical, Debian, Gnupg | 4 Ubuntu Linux, Debian Linux, Gnupg and 1 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | |||||
| CVE-2015-8625 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters. | |||||
| CVE-2015-8034 | 1 Saltstack | 1 Salt | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2017-5647 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. | |||||
| CVE-2017-0065 | 1 Microsoft | 1 Edge | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068. | |||||
| CVE-2016-3012 | 1 Ibm | 2 Api Connect, Network Path Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | |||||
| CVE-2016-7239 | 1 Microsoft | 2 Edge, Internet Explorer | 2024-02-04 | 2.6 LOW | 3.1 LOW |
| The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2017-3043 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. | |||||
| CVE-2017-4977 | 1 Emc | 1 Rsa Archer Security Operations Management | 2024-02-04 | 1.9 LOW | 7.0 HIGH |
| EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. | |||||
| CVE-2017-7455 | 1 Moxa | 1 Mxview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | |||||
| CVE-2015-7824 | 1 Botan Project | 1 Botan | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. | |||||
| CVE-2016-6190 | 1 Inverse-inc | 1 Sogo | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. | |||||