Total
9105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12157 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | |||||
| CVE-2017-10916 | 1 Xen | 1 Xen | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220. | |||||
| CVE-2014-9147 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | |||||
| CVE-2016-8272 | 1 Huawei | 1 Hisuite | 2025-04-20 | 2.1 LOW | 5.3 MEDIUM |
| Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. | |||||
| CVE-2015-9031 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. | |||||
| CVE-2016-0202 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. | |||||
| CVE-2017-17449 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. | |||||
| CVE-2017-8877 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | |||||
| CVE-2017-0377 | 1 Torproject | 1 Tor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | |||||
| CVE-2017-14820 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012. | |||||
| CVE-2017-2365 | 2 Apple, Webkitgtk | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | |||||
| CVE-2016-10362 | 1 Elasticsearch | 1 Output Plugin | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. | |||||
| CVE-2017-7983 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | |||||
| CVE-2015-8470 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2017-8680 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687. | |||||
| CVE-2016-4613 | 1 Apple | 4 Apple Tv, Icloud, Itunes and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2015-2251 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | |||||
| CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
| CVE-2017-10956 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978. | |||||
| CVE-2017-1125 | 1 Ibm | 1 Cognos Business Intelligence Server | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340. | |||||