Total
8188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0127 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128. | |||||
CVE-2016-4869 | 1 Cybozu | 1 Office | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | |||||
CVE-2017-1292 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | |||||
CVE-2017-6614 | 1 Cisco | 1 Findit Network Probe | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628. | |||||
CVE-2017-2317 | 1 Juniper | 1 Northstar Controller | 2025-04-20 | 7.5 HIGH | 8.6 HIGH |
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker. | |||||
CVE-2017-8643 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. | |||||
CVE-2017-0113 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | |||||
CVE-2016-8409 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409. | |||||
CVE-2017-14269 | 1 Ee | 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. | |||||
CVE-2017-10335 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2016-3066 | 1 Spice-gtk Project | 1 Spice-gtk | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | |||||
CVE-2016-2372 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 4.9 MEDIUM | 5.9 MEDIUM |
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | |||||
CVE-2017-2400 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. | |||||
CVE-2017-2326 | 1 Juniper | 1 Northstar Controller | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. | |||||
CVE-2017-8652 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662. | |||||
CVE-2017-0645 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327. | |||||
CVE-2017-13864 | 2 Apple, Microsoft | 3 Icloud, Itunes, Windows | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. | |||||
CVE-2017-6651 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950. | |||||
CVE-2015-4688 | 1 Ellucian | 1 Banner Student | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | |||||
CVE-2017-1126 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. |