Total
9530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | |||||
| CVE-2017-16584 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290. | |||||
| CVE-2017-12870 | 1 Simplesamlphp | 1 Simplesamlphp | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | |||||
| CVE-2017-0111 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | |||||
| CVE-2016-9700 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. | |||||
| CVE-2017-13169 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375. | |||||
| CVE-2017-1284 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. | |||||
| CVE-2016-8478 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206. | |||||
| CVE-2017-9701 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. | |||||
| CVE-2017-15277 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | |||||
| CVE-2017-17549 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | |||||
| CVE-2017-1193 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |||||
| CVE-2017-8736 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". | |||||
| CVE-2016-2941 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | |||||
| CVE-2017-5223 | 1 Phpmailer Project | 1 Phpmailer | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. | |||||
| CVE-2016-2987 | 1 Ibm | 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | |||||
| CVE-2014-9947 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | |||||
| CVE-2016-9244 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well. | |||||
| CVE-2017-1241 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. | |||||
| CVE-2017-13865 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||