Total
9572 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7493 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | N/A |
| IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | ||||
| CVE-2017-12857 | 1 Polycom | 4 Realpresence Trio, Soundstation Ip, Unified Communications Software and 1 more | 2025-04-20 | N/A |
| Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. | ||||
| CVE-2017-11765 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | N/A |
| The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814. | ||||
| CVE-2014-2029 | 1 Percona | 1 Toolkit | 2025-04-20 | N/A |
| The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com. | ||||
| CVE-2017-2093 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | ||||
| CVE-2017-2105 | 1 Presentcast Inc | 1 Tver | 2025-04-20 | N/A |
| The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-2309 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk. | ||||
| CVE-2017-12295 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | N/A |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCve65818. | ||||
| CVE-2017-1000381 | 4 C-ares, C-ares Project, Nodejs and 1 more | 4 C-ares, C-ares, Node.js and 1 more | 2025-04-20 | 7.5 High |
| The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | ||||
| CVE-2017-0560 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079. | ||||
| CVE-2017-17926 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | ||||
| CVE-2017-2320 | 1 Juniper | 1 Northstar Controller | 2025-04-20 | N/A |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. | ||||
| CVE-2017-0559 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722. | ||||
| CVE-2017-0558 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274. | ||||
| CVE-2016-8313 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts). | ||||
| CVE-2017-11761 | 1 Microsoft | 1 Exchange Server | 2025-04-20 | N/A |
| Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" | ||||
| CVE-2017-0557 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073. | ||||
| CVE-2017-6275 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. | ||||
| CVE-2017-17864 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | N/A |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | ||||
| CVE-2017-17898 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | N/A |
| Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | ||||