Total
9526 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11833 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 2.6 LOW | 3.1 LOW |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | |||||
| CVE-2017-5933 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2015-1027 | 1 Percona | 2 Toolkit, Xtrabackup | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. | |||||
| CVE-2017-7148 | 1 Apple | 1 Iphone Os | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable. | |||||
| CVE-2017-15865 | 2 Cumulusnetworks, Frrouting | 2 Cumulus Linux, Frrouting | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). | |||||
| CVE-2017-5865 | 1 Owncloud | 1 Owncloud | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | |||||
| CVE-2017-6705 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. | |||||
| CVE-2017-12625 | 1 Apache | 1 Hive | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns. | |||||
| CVE-2017-8450 | 1 Elastic | 1 X-pack | 2025-04-20 | 4.0 MEDIUM | 7.5 HIGH |
| X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information. | |||||
| CVE-2015-8276 | 1 Eparaksts | 2 Edoc-libraries, Eparakstitajs 3 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. | |||||
| CVE-2017-10267 | 1 Oracle | 1 Tuxedo | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-0122 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | |||||
| CVE-2017-7486 | 1 Postgresql | 1 Postgresql | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | |||||
| CVE-2017-0124 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | |||||
| CVE-2017-14943 | 1 Trapezegroup | 1 Transitmaster | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference. | |||||
| CVE-2016-7542 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | |||||
| CVE-2017-8035 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation. | |||||
| CVE-2016-4950 | 1 Cloudera | 1 Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | |||||
| CVE-2017-13693 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | |||||
| CVE-2017-10334 | 1 Oracle | 1 Weblogic Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||