Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16052 | 1 Node-fabric Project | 1 Node-fabric | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16051 | 1 Sqliter Project | 1 Sqliter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16048 | 1 Node-sqlite Project | 1 Node-sqlite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16047 | 1 Mysqljs Project | 1 Mysqljs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16045 | 1 Jquery.js Project | 1 Jquery.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16024 | 2 Nodejs, Sync-exec Project | 2 Node.js, Sync-exec | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
|
|||||
| CVE-2017-16007 | 1 Cisco | 1 Node-jose | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
|
|||||
| CVE-2017-15852 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver.
|
|||||
| CVE-2017-15851 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel
|
|||||
| CVE-2017-15850 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.
|
|||||
| CVE-2017-15833 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure.
|
|||||
| CVE-2017-15814 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2017-15713 | 1 Apache | 1 Hadoop | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
|
|||||
| CVE-2017-15709 | 1 Apache | 1 Activemq | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
|
|||||
| CVE-2017-15696 | 1 Apache | 1 Geode | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
|
|||||
| CVE-2017-15652 | 1 Artifex | 1 Ghostscript | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.
|
|||||
| CVE-2017-15518 | 1 Netapp | 2 Oncommand Api Services, Service Level Manager | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
|
|||||
| CVE-2017-15327 | 1 Huawei | 6 S12700, S12700 Firmware, S7700 and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorizat ...
Show More |
|||||
| CVE-2017-15139 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
|
|||||
| CVE-2017-15138 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
|
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
|
|||||
| CVE-2017-15112 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
|
|||||
| CVE-2017-15031 | 1 Arm | 1 Arm-trusted-firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
|
|||||
| CVE-2017-14891 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable.
|
|||||
| CVE-2017-14882 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access.
|
|||||
| CVE-2017-14875 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists.
|
|||||
| CVE-2017-14870 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.
|
|||||
| CVE-2017-14869 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.
|
|||||
| CVE-2017-14709 | 1 Komoot | 1 Komoot | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-14461 | 3 Debian, Dovecot, Ubuntu | 3 Debian Linux, Dovecot, Ubuntu | 2024-11-21 | 5.5 MEDIUM | 5.9 MEDIUM |
|
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
|
|||||
| CVE-2017-14443 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
|
|||||
| CVE-2017-14082 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system.
|
|||||
| CVE-2017-13877 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.
|
|||||
| CVE-2017-13873 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
|
|||||
| CVE-2017-13839 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.
|
|||||
| CVE-2017-13304 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.
|
|||||
| CVE-2017-13303 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501.
|
|||||