Total
8098 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1800 | 1 Samsung | 2 Galaxy S4, Galaxy S4 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | |||||
| CVE-2017-0299 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297. | |||||
| CVE-2017-11706 | 1 Boozt | 1 Boozt | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only have https on the checkout part of the site." | |||||
| CVE-2017-3157 | 3 Apache, Debian, Redhat | 8 Openoffice, Debian Linux, Enterprise Linux Desktop and 5 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back. | |||||
| CVE-2017-7317 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. | |||||
| CVE-2017-12616 | 1 Apache | 1 Tomcat | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | |||||
| CVE-2017-5933 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2017-15583 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2025-04-20 | 5.0 MEDIUM | 6.5 MEDIUM |
| The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. | |||||
| CVE-2017-8668 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability". | |||||
| CVE-2015-5059 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php. | |||||
| CVE-2017-0421 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. | |||||
| CVE-2017-7899 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval. | |||||
| CVE-2017-6621 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626. | |||||
| CVE-2015-5959 | 1 Froxlor | 1 Froxlor | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | |||||
| CVE-2017-0092 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | |||||
| CVE-2017-6318 | 2 Opensuse, Sane-backends Project | 2 Leap, Sane-backends | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | |||||
| CVE-2016-5938 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2017-14818 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982. | |||||
| CVE-2017-8648 | 1 Microsoft | 2 Edge, Windows 10 | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. | |||||
| CVE-2017-1000133 | 1 Mahara | 1 Mahara | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages. | |||||