Total
8283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32953 | 2025-04-21 | N/A | 8.7 HIGH | ||
| z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916. | |||||
| CVE-2017-5926 | 5 Allwinner, Amd, Intel and 2 more | 20 A64, Athlon Ii 640 X4, E-350 and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | |||||
| CVE-2015-7418 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-20 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. | |||||
| CVE-2017-3805 | 1 Cisco | 1 Iox | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0). | |||||
| CVE-2015-3614 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | |||||
| CVE-2017-13169 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375. | |||||
| CVE-2017-8254 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | |||||
| CVE-2017-8491 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2016-8469 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469. | |||||
| CVE-2016-8313 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | 3.5 LOW | 4.1 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts). | |||||
| CVE-2017-5190 | 1 Netiq | 1 Access Manager | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. | |||||
| CVE-2017-1141 | 1 Ibm | 1 Insights Foundation For Energy | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | |||||
| CVE-2017-2704 | 1 Huawei | 14 Crowdtest, Hiapp, Hicinema and 11 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. | |||||
| CVE-2017-13865 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-2382 | 1 Apple | 1 Mac Os Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors. | |||||
| CVE-2017-10300 | 1 Oracle | 1 Siebel Customer Relationship Management Desktop | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Siebel Business Service Issues). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-14494 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | |||||
| CVE-2016-6335 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. | |||||
| CVE-2017-17898 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2017-0267 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | |||||