Total
9109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8470 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | |||||
| CVE-2016-6335 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. | |||||
| CVE-2017-10310 | 1 Oracle | 1 Hyperion Financial Reporting | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-1613 | 1 Ibm | 1 Connections | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. | |||||
| CVE-2017-16804 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | |||||
| CVE-2017-0413 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. | |||||
| CVE-2017-1099 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. | |||||
| CVE-2015-4688 | 1 Ellucian | 1 Banner Student | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | |||||
| CVE-2017-1423 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. | |||||
| CVE-2015-1027 | 1 Percona | 2 Toolkit, Xtrabackup | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. | |||||
| CVE-2014-7860 | 2 D-link, Dlink | 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | |||||
| CVE-2017-0632 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915. | |||||
| CVE-2017-8482 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2017-3764 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. | |||||
| CVE-2017-3245 | 1 Oracle | 1 Flexcube Direct Banking | 2025-04-20 | 4.3 MEDIUM | 4.7 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). | |||||
| CVE-2017-9731 | 1 Yocto Project | 1 Yp Core-pyro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package. | |||||
| CVE-2017-14603 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. | |||||
| CVE-2017-0242 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability." | |||||
| CVE-2017-3154 | 1 Apache | 1 Atlas | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | |||||
| CVE-2016-10002 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information. | |||||