Total
8090 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17139 | 1 Huawei | 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak. | |||||
| CVE-2017-16911 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. | |||||
| CVE-2017-16770 | 1 Synology | 1 Surveillance Station | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | |||||
| CVE-2017-16769 | 1 Synology | 1 Photo Station | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. | |||||
| CVE-2017-16741 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information. | |||||
| CVE-2017-16639 | 2 Microsoft, Torproject | 2 Windows, Tor Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability. | |||||
| CVE-2017-16609 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750. | |||||
| CVE-2017-16607 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718. | |||||
| CVE-2017-16596 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5119. | |||||
| CVE-2017-16595 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118. | |||||
| CVE-2017-16592 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103. | |||||
| CVE-2017-16591 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5100. | |||||
| CVE-2017-16250 | 1 Mitel | 1 St14.2 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | |||||
| CVE-2017-16225 | 1 Aegir Project | 1 Aegir | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token. | |||||
| CVE-2017-16206 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16126 | 1 Botbait Project | 1 Botbait | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install) | |||||