Total
9085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4343 | 1 Apache | 1 Myfaces | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters. | |||||
| CVE-2017-3892 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | |||||
| CVE-2016-6099 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | |||||
| CVE-2017-5184 | 1 Microfocus | 1 Sentinel | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | |||||
| CVE-2017-5995 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-1497 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | |||||
| CVE-2013-7400 | 1 Dkd | 1 Direct Mail | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | |||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | |||||
| CVE-2017-13693 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | |||||
| CVE-2016-4949 | 1 Cloudera | 1 Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. | |||||
| CVE-2016-8916 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. | |||||
| CVE-2017-2400 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. | |||||
| CVE-2017-14053 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2015-2246 | 1 Huawei | 2 P7-l10, P7-l10 Firmware | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | |||||
| CVE-2017-7520 | 1 Openvpn | 1 Openvpn | 2025-04-20 | 4.0 MEDIUM | 7.4 HIGH |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. | |||||
| CVE-2014-8722 | 1 Get-simple | 1 Getsimple Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | |||||
| CVE-2017-15210 | 1 Kanboard | 1 Kanboard | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. | |||||
| CVE-2017-9682 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | |||||
| CVE-2017-0849 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. | |||||
| CVE-2017-10337 | 1 Oracle | 1 Hospitality Suite8 | 2025-04-20 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L). | |||||