Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5607 | 1 Splunk | 1 Splunk | 2025-04-20 | 3.5 LOW | 3.5 LOW |
|
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.
|
|||||
| CVE-2017-13127 | 3 Apple, Google, Vip | 3 Iphone Os, Android, Vip | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.
|
|||||
| CVE-2017-1340 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 4.0 MEDIUM | 5.0 MEDIUM |
|
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
|
|||||
| CVE-2016-8271 | 1 Huawei | 2 Espace Iad, Espace Iad Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL.
|
|||||
| CVE-2017-12857 | 1 Polycom | 4 Realpresence Trio, Soundstation Ip, Unified Communications Software and 1 more | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
|
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
|
|||||
| CVE-2016-10293 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943.
|
|||||
| CVE-2016-5894 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 1.9 LOW | 5.1 MEDIUM |
|
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
|
|||||
| CVE-2017-1000025 | 1 Gnome | 1 Epiphany | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
|
|||||
| CVE-2017-0336 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336.
|
|||||
| CVE-2016-7474 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
|
|||||
| CVE-2014-9616 | 1 Netsweeper | 1 Netsweeper | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.
|
|||||
| CVE-2017-13864 | 2 Apple, Microsoft | 3 Icloud, Itunes, Windows | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.
|
|||||
| CVE-2017-6752 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol (LDAP) and SSL Connection Profile when they are configured together. An attacker could exploit the vulnerability by performing a username enumer ...
Show More |
|||||
| CVE-2017-16633 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
|
|||||
| CVE-2016-3037 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
|
IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.
|
|||||
| CVE-2017-6046 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.
|
|||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
|
|||||
| CVE-2016-3066 | 1 Spice-gtk Project | 1 Spice-gtk | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
|
|||||
| CVE-2016-9129 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
|
|||||
| CVE-2017-2424 | 1 Apple | 2 Iphone Os, Safari | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
|
|||||
| CVE-2017-3087 | 1 Adobe | 1 Captivate | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
|
|||||
| CVE-2016-4806 | 1 Web2py | 1 Web2py | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
|
|||||
| CVE-2017-8473 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
|
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
|
|||||
| CVE-2017-0326 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326.
|
|||||
| CVE-2017-8254 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.
|
|||||
| CVE-2016-1919 | 1 Samsung | 1 Knox | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
|
Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.
|
|||||
| CVE-2017-0709 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
|
A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.
|
|||||
| CVE-2017-5166 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.
|
|||||
| CVE-2017-0455 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755.
|
|||||
| CVE-2017-2550 | 1 Kubik-rubik | 1 Easy Joomla Backup | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename.
|
|||||
| CVE-2017-6730 | 1 Cisco | 1 Wide Area Application Services | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Ar ...
Show More |
|||||
| CVE-2017-8532 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.
|
|||||
| CVE-2017-10956 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage ...
Show More |
|||||
| CVE-2016-2941 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
|
|||||
| CVE-2017-8490 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CV ...
Show More |
|||||
| CVE-2016-7814 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.
|
|||||
| CVE-2017-7484 | 1 Postgresql | 1 Postgresql | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
|
|||||
| CVE-2017-1131 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.
|
|||||
| CVE-2017-9676 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.
|
|||||
| CVE-2016-8940 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
|
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
|
|||||