Total
9280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000234 | 1 I-librarian | 1 I Librarian | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter | |||||
| CVE-2017-9868 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | |||||
| CVE-2017-11155 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | |||||
| CVE-2016-5786 | 1 Omnimetrix | 1 Omniview | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials. | |||||
| CVE-2015-3882 | 1 Qdpm | 1 Qdpm | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. | |||||
| CVE-2017-15589 | 1 Xen | 1 Xen | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. | |||||
| CVE-2017-8719 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. | |||||
| CVE-2017-3277 | 1 Oracle | 1 Applications Manager | 2025-04-20 | 3.5 LOW | 4.9 MEDIUM |
| Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS v3.0 Base Score 4.9 (Confidentiality impacts). | |||||
| CVE-2017-1538 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. | |||||
| CVE-2017-2642 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Moodle 3.x has user fullname disclosure on the user preferences page. | |||||
| CVE-2017-11939 | 1 Microsoft | 1 Office | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". | |||||
| CVE-2017-15937 | 1 Artica | 1 Pandora Fms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). | |||||
| CVE-2016-8472 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384. | |||||
| CVE-2016-6756 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068. | |||||
| CVE-2017-1000099 | 1 Haxx | 1 Libcurl | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. | |||||
| CVE-2014-2960 | 1 Visioncritical | 1 Vision Critical | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. | |||||
| CVE-2015-7732 | 1 Avira | 1 Avira Mobile Security | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. | |||||
| CVE-2017-11803 | 1 Microsoft | 2 Edge, Windows 10 | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844. | |||||
| CVE-2015-3881 | 1 Qdpm | 1 Qdpm | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml. | |||||
| CVE-2017-0194 | 1 Microsoft | 2 Excel, Office Compatibility Pack | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||