Total
8283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5672 | 1 Kony | 1 Enterprise Mobile Management | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | |||||
| CVE-2016-4843 | 1 Cybozu | 1 Mailwise | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. | |||||
| CVE-2015-8707 | 1 Magento | 1 Magento | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | |||||
| CVE-2017-0708 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879. | |||||
| CVE-2017-0168 | 1 Microsoft | 3 Windows 8.1, Windows Server 2008, Windows Server 2012 | 2025-04-20 | 6.3 MEDIUM | 5.8 MEDIUM |
| An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169. | |||||
| CVE-2017-7415 | 1 Atlassian | 1 Confluence Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | |||||
| CVE-2016-4664 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app. | |||||
| CVE-2017-11906 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2025-04-20 | 2.6 LOW | 5.3 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919. | |||||
| CVE-2017-16574 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079. | |||||
| CVE-2017-13991 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | |||||
| CVE-2017-6070 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | |||||
| CVE-2017-0377 | 1 Torproject | 1 Tor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | |||||
| CVE-2017-1225 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904. | |||||
| CVE-2017-9682 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | |||||
| CVE-2017-11852 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability". | |||||
| CVE-2017-0895 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 LOW | 3.5 LOW |
| Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed. | |||||
| CVE-2014-1677 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |||||
| CVE-2017-11815 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". | |||||
| CVE-2016-7666 | 1 Apple | 1 Transporter | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via a crafted EPUB. | |||||
| CVE-2016-8416 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206. | |||||