Total
8283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8981 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2017-3552 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2025-04-20 | 3.5 LOW | 4.3 MEDIUM |
| Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-13150 | 1 Google | 1 Android | 2025-04-20 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132. | |||||
| CVE-2016-7614 | 1 Apple | 1 Icloud | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the "Windows Security" component. It allows local users to obtain sensitive information from iCloud desktop-client process memory via unspecified vectors. | |||||
| CVE-2016-9710 | 1 Ibm | 1 Cognos Business Intelligence Server | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618. | |||||
| CVE-2016-5966 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2017-11051 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero. | |||||
| CVE-2017-10888 | 3 Apple, Bookwalker, Microsoft | 3 Macos, Book Walker, Windows | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. | |||||
| CVE-2017-6040 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously. | |||||
| CVE-2016-9107 | 1 Otr | 1 Gajim-otr | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-3087 | 1 Adobe | 1 Captivate | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. | |||||
| CVE-2017-1214 | 1 Ibm | 1 Inotes | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. | |||||
| CVE-2016-0358 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | |||||
| CVE-2017-13840 | 1 Apple | 1 Mac Os X | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-9794 | 1 Apache | 1 Geode | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | |||||
| CVE-2016-8403 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348. | |||||
| CVE-2017-8877 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | |||||
| CVE-2017-7589 | 1 Openidm Project | 1 Openidm | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | |||||
| CVE-2017-9495 | 1 Motorola | 2 Mx011anm, Mx011anm Firmware | 2025-04-20 | 2.1 LOW | 4.6 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4CE remote to reach the diagnostic display, and then launching a Remote Web Inspector script. | |||||
| CVE-2017-16633 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | |||||