Total
8836 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0698 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458. | |||||
| CVE-2017-10324 | 1 Oracle | 1 E-business Suite Technology Stack | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2014-8889 | 1 Dropbox | 1 Dropbox Sdk | 2025-04-20 | 2.6 LOW | 5.3 MEDIUM |
| Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. | |||||
| CVE-2017-1434 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2025-04-20 | 2.1 LOW | 4.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. | |||||
| CVE-2016-5614 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). | |||||
| CVE-2016-8981 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2016-8507 | 1 Yandex | 1 Yandex Browser | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site. | |||||
| CVE-2017-5017 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. | |||||
| CVE-2017-7575 | 1 Schneider-electric | 2 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. | |||||
| CVE-2017-1193 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |||||
| CVE-2017-12080 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. | |||||
| CVE-2017-8553 | 1 Microsoft | 5 Windows 8.1, Windows Rt 8.1, Windows Server 2008 and 2 more | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability". | |||||
| CVE-2017-0190 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 2.1 LOW | 4.4 MEDIUM |
| The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | |||||
| CVE-2017-9480 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to /var/IGD/. | |||||
| CVE-2017-1000199 | 1 Tcmu-runner Project | 1 Tcmu-runner | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | |||||
| CVE-2017-1000143 | 1 Mahara | 1 Mahara | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. | |||||
| CVE-2017-16633 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | |||||
| CVE-2017-3841 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). | |||||
| CVE-2017-0624 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832. | |||||
| CVE-2017-1241 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. | |||||