Total
9490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18704 | 1 Netgear | 36 D6220, D6220 Firmware, D6400 and 33 more | 2024-11-21 | 6.5 Medium |
| Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16. | ||||
| CVE-2017-18694 | 2 Google, Samsung | 8 Android, Exynos 5250, Exynos 5260 and 5 more | 2024-11-21 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017). | ||||
| CVE-2017-18687 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017). | ||||
| CVE-2017-18686 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017). | ||||
| CVE-2017-18643 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017). | ||||
| CVE-2017-18642 | 1 Syska | 2 Smartlight Rainbow Led Smart Bulb, Smartlight Rainbow Led Smart Bulb Firmware | 2024-11-21 | 6.5 Medium |
| Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. | ||||
| CVE-2017-18550 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. | ||||
| CVE-2017-18549 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure. | ||||
| CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | ||||
| CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | ||||
| CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | ||||
| CVE-2017-18432 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). | ||||
| CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | ||||
| CVE-2017-18424 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | ||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | ||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | ||||
| CVE-2017-18355 | 1 Google | 1 Rendertron | 2024-11-21 | N/A |
| Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files. | ||||
| CVE-2017-18345 | 1 Joomanager Project | 1 Joomanager | 2024-11-21 | N/A |
| The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request. | ||||
| CVE-2017-18332 | 1 Qualcomm | 56 Mdm9607, Mdm9607 Firmware, Mdm9635m and 53 more | 2024-11-21 | N/A |
| Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 | ||||
| CVE-2017-18326 | 1 Qualcomm | 68 Mdm9607, Mdm9607 Firmware, Mdm9615 and 65 more | 2024-11-21 | N/A |
| Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016. | ||||