Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8087 | 1 Avm | 2 Fritz\!box 7490, Fritz\!os | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.
|
|||||
| CVE-2017-7847 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux Aus and 4 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
|
|||||
| CVE-2017-7844 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.
|
|||||
| CVE-2017-7842 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.
|
|||||
| CVE-2017-7831 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.
|
|||||
| CVE-2017-7812 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.
|
|||||
| CVE-2017-7808 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.
|
|||||
| CVE-2017-7787 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
|
|||||
| CVE-2017-7759 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54.
|
|||||
| CVE-2017-7633 | 1 Qnap | 1 Qfinder Pro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device.
|
|||||
| CVE-2017-7630 | 1 Qnap | 1 Qts | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi.
|
|||||
| CVE-2017-7568 | 1 Netapp | 1 Oncommand Unified Manager | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
|
|||||
| CVE-2017-7526 | 3 Canonical, Debian, Gnupg | 3 Ubuntu Linux, Debian Linux, Libgcrypt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
|
|||||
| CVE-2017-7510 | 1 Redhat | 1 Ovirt-engine | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
|
|||||
| CVE-2017-7173 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
|
|||||
| CVE-2017-7075 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content.
|
|||||
| CVE-2017-6926 | 1 Drupal | 1 Drupal | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
|
|||||
| CVE-2017-6910 | 2 Kaazing, Tenefit | 2 Kaazing Gateway, Kaazing Websocket Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.
|
|||||
| CVE-2017-6514 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
|
|||||
| CVE-2017-6426 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.
|
|||||
| CVE-2017-6425 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.
|
|||||
| CVE-2017-6284 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.
|
|||||
| CVE-2017-6283 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.
|
|||||
| CVE-2017-6280 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.
|
|||||
| CVE-2017-6200 | 1 Sandstorm | 1 Sandstorm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
|
|||||
| CVE-2017-5811 | 1 Hp | 1 Network Automation | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
|
|||||
| CVE-2017-5803 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.
|
|||||
| CVE-2017-5801 | 1 Hp | 1 Business Process Monitor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.
|
|||||
| CVE-2017-5797 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.
|
|||||
| CVE-2017-5795 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.
|
|||||
| CVE-2017-5788 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.
|
|||||
| CVE-2017-5785 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found.
|
|||||
| CVE-2017-5754 | 2 Arm, Intel | 209 Cortex-a, Atom C, Atom E and 206 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
|
|||||
| CVE-2017-5658 | 1 Apache | 1 Pony Mail | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.
|
|||||
| CVE-2017-5425 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
|
|||||
| CVE-2017-5414 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.
|
|||||
| CVE-2017-5385 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.
|
|||||
| CVE-2017-5384 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.
|
|||||
| CVE-2017-5382 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.
|
|||||
| CVE-2017-5210 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
|
|||||