Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8711 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | 1.9 LOW | 5.3 MEDIUM |
|
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713.
|
|||||
| CVE-2017-9150 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
|
|||||
| CVE-2017-0628 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.
|
|||||
| CVE-2017-3797 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7.
|
|||||
| CVE-2017-3527 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confi ...
Show More |
|||||
| CVE-2017-13842 | 1 Apple | 1 Mac Os X | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
|
|||||
| CVE-2017-6651 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an ...
Show More |
|||||
| CVE-2017-15597 | 1 Xen | 1 Xen | 2025-04-20 | 9.0 HIGH | 9.1 CRITICAL |
|
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and inform ...
Show More |
|||||
| CVE-2016-0382 | 1 Ibm | 1 Tealeaf Consumer Experience | 2025-04-20 | 2.1 LOW | 4.0 MEDIUM |
|
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.
|
|||||
| CVE-2015-2826 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2017-0451 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.
|
|||||
| CVE-2017-15937 | 1 Artica | 1 Pandora Fms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).
|
|||||
| CVE-2017-5933 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
|
|||||
| CVE-2015-8625 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
|
|||||
| CVE-2017-0536 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.
|
|||||
| CVE-2017-10267 | 1 Oracle | 1 Tuxedo | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS V ...
Show More |
|||||
| CVE-2017-1000380 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
|
|||||
| CVE-2017-17104 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].
|
|||||
| CVE-2017-10037 | 1 Oracle | 1 Business Intelligence Publisher | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.0 Base Score 7.5 (Confidentia ...
Show More |
|||||
| CVE-2016-8747 | 1 Apache | 1 Tomcat | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
|
|||||
| CVE-2014-9691 | 1 Huawei | 64 Tecal Bh620 V2, Tecal Bh620 V2 Firmware, Tecal Bh621 V2 and 61 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 ...
Show More |
|||||
| CVE-2014-8491 | 1 Codeasily | 1 Grand Flagallery | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.
|
|||||
| CVE-2014-8723 | 1 Get-simple | 1 Getsimple Cms | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
|
|||||
| CVE-2016-8477 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007.
|
|||||
| CVE-2017-11272 | 1 Adobe | 1 Digital Editions | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.
|
|||||
| CVE-2017-15210 | 1 Kanboard | 1 Kanboard | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
|
|||||
| CVE-2016-4976 | 1 Apache | 1 Ambari | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
|
|||||
| CVE-2017-7455 | 1 Moxa | 1 Mxview | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
|
|||||
| CVE-2015-2253 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2025-04-20 | 3.5 LOW | 5.0 MEDIUM |
|
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
|
|||||
| CVE-2017-8554 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
|
The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application.
|
|||||
| CVE-2017-8441 | 1 Elastic | 1 X-pack | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
|
|||||
| CVE-2017-11768 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2025-04-20 | 1.9 LOW | 2.5 LOW |
|
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability."
|
|||||
| CVE-2017-9993 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
|
|||||
| CVE-2017-12737 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.
|
|||||
| CVE-2017-13701 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.
|
|||||
| CVE-2016-10213 | 1 A10networks | 1 Advanced Core Operating System | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
|
|||||
| CVE-2016-5893 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
|
|||||
| CVE-2017-2397 | 1 Apple | 1 Iphone Os | 2025-04-20 | 2.1 LOW | 2.4 LOW |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen.
|
|||||
| CVE-2015-3400 | 1 Zfsonlinux | 1 Zfs | 2025-04-20 | 3.5 LOW | 4.3 MEDIUM |
|
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
|
|||||
| CVE-2017-6071 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
|
|||||