Total
8083 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10319 | 1 Oracle | 1 Hospitality Suite8 | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-0536 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878. | |||||
| CVE-2017-3527 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-6778 | 1 Cisco | 1 Ultra Services Platform | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839. | |||||
| CVE-2017-6691 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). | |||||
| CVE-2017-7138 | 1 Apple | 1 Mac Os X | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner. | |||||
| CVE-2017-11327 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. | |||||
| CVE-2017-10421 | 1 Oracle | 1 Hospitality Suite8 | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2015-8034 | 1 Saltstack | 1 Salt | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2017-11834 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2025-04-20 | 2.6 LOW | 5.3 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791. | |||||
| CVE-2017-2318 | 1 Juniper | 1 Northstar Controller | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges. | |||||
| CVE-2017-11835 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | |||||
| CVE-2017-6275 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. | |||||
| CVE-2017-3194 | 1 Pandora | 1 Pandora | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2014-9951 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | |||||
| CVE-2017-3732 | 2 Nodejs, Openssl | 2 Node.js, Openssl | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. | |||||
| CVE-2017-2384 | 1 Apple | 1 Iphone Os | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. | |||||
| CVE-2017-0328 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328. | |||||
| CVE-2015-4078 | 1 Cloudera | 2 Cloudera Manager, Navigator | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | |||||
| CVE-2017-12870 | 1 Simplesamlphp | 1 Simplesamlphp | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | |||||