Total
8835 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8685 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688. | |||||
| CVE-2016-8982 | 1 Ibm | 1 Infosphere Datastage | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. | |||||
| CVE-2017-6621 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626. | |||||
| CVE-2017-1000234 | 1 I-librarian | 1 I Librarian | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter | |||||
| CVE-2017-9868 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | |||||
| CVE-2017-11155 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | |||||
| CVE-2016-5786 | 1 Omnimetrix | 1 Omniview | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials. | |||||
| CVE-2015-3882 | 1 Qdpm | 1 Qdpm | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. | |||||
| CVE-2017-15589 | 1 Xen | 1 Xen | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. | |||||
| CVE-2017-8719 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. | |||||
| CVE-2017-3277 | 1 Oracle | 1 Applications Manager | 2025-04-20 | 3.5 LOW | 4.9 MEDIUM |
| Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS v3.0 Base Score 4.9 (Confidentiality impacts). | |||||
| CVE-2017-1538 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. | |||||
| CVE-2017-2642 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Moodle 3.x has user fullname disclosure on the user preferences page. | |||||
| CVE-2017-11939 | 1 Microsoft | 1 Office | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". | |||||
| CVE-2017-15937 | 1 Artica | 1 Pandora Fms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). | |||||
| CVE-2016-8472 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384. | |||||
| CVE-2016-6756 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068. | |||||
| CVE-2017-1000099 | 1 Haxx | 1 Libcurl | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. | |||||
| CVE-2014-2960 | 1 Visioncritical | 1 Vision Critical | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. | |||||
| CVE-2015-7732 | 1 Avira | 1 Avira Mobile Security | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. | |||||