Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18686 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017).
|
|||||
| CVE-2017-18643 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017).
|
|||||
| CVE-2017-18642 | 1 Syska | 2 Smartlight Rainbow Led Smart Bulb, Smartlight Rainbow Led Smart Bulb Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks.
|
|||||
| CVE-2017-18550 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
|
|||||
| CVE-2017-18549 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
|
|||||
| CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
|
|||||
| CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
|
|||||
| CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
|
|||||
| CVE-2017-18432 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
|
|||||
| CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
|
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
|
|||||
| CVE-2017-18424 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
|
|||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
|
|||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
|
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
|
|||||
| CVE-2017-18355 | 1 Google | 1 Rendertron | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.
|
|||||
| CVE-2017-18345 | 1 Joomanager Project | 1 Joomanager | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
|
|||||
| CVE-2017-18332 | 1 Qualcomm | 56 Mdm9607, Mdm9607 Firmware, Mdm9635m and 53 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
|
|||||
| CVE-2017-18326 | 1 Qualcomm | 68 Mdm9607, Mdm9607 Firmware, Mdm9615 and 65 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.
|
|||||
| CVE-2017-18324 | 1 Qualcomm | 64 Mdm9206, Mdm9206 Firmware, Mdm9607 and 61 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016.
|
|||||
| CVE-2017-18322 | 1 Qualcomm | 62 Mdm9206, Mdm9206 Firmware, Mdm9607 and 59 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.
|
|||||
| CVE-2017-18321 | 1 Qualcomm | 8 Mdm9650, Mdm9650 Firmware, Mdm9655 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660.
|
|||||
| CVE-2017-18300 | 1 Qualcomm | 16 Mdm9206, Mdm9206 Firmware, Mdm9607 and 13 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660.
|
|||||
| CVE-2017-18192 | 1 Photo,video Locker-calculator Project | 1 Photo,video Locker-calculator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.
|
|||||
| CVE-2017-18112 | 1 Atlassian | 1 Fisheye | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
|
|||||
| CVE-2017-18104 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.
|
|||||
| CVE-2017-18072 | 1 Qualcomm | 76 Mdm9206, Mdm9206 Firmware, Mdm9607 and 73 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the informat ...
|
|||||
| CVE-2017-17769 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.
|
|||||
| CVE-2017-17322 | 1 Huawei | 2 Honor Smart Scale Application, Honor Smart Scale Application Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure.
|
|||||
| CVE-2017-17319 | 1 Huawei | 2 P9, P9 Firmware | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.
|
|||||
| CVE-2017-17303 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE30 V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V500R002C00SPC200; V500 ...
|
|||||
| CVE-2017-17280 | 1 Huawei | 2 Lon-al00b, Lon-al00b Firmware | 2024-11-21 | 2.9 LOW | 3.5 LOW |
|
NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak.
|
|||||
| CVE-2017-17140 | 1 Huawei | 4 Enjoy 5s, Enjoy 5s Firmware, Y6 Pro and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak.
|
|||||
| CVE-2017-17139 | 1 Huawei | 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have an information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak.
|
|||||
| CVE-2017-16911 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
|
|||||
| CVE-2017-16770 | 1 Synology | 1 Surveillance Station | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.
|
|||||
| CVE-2017-16769 | 1 Synology | 1 Photo Station | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.
|
|||||
| CVE-2017-16741 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
|
|||||
| CVE-2017-16639 | 2 Microsoft, Torproject | 2 Windows, Tor Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
|
|||||
| CVE-2017-16609 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.
|
|||||
| CVE-2017-16607 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the cu ...
|
|||||
| CVE-2017-16596 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a ...
|
|||||