Search
Total
3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0761 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-03-14 | 2.1 LOW | 5.5 MEDIUM |
| The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0855. | |||||
| CVE-2018-0755 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-03-14 | 2.1 LOW | 5.5 MEDIUM |
| The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0760, CVE-2018-0761, and CVE-2018-0855. | |||||
| CVE-2018-0760 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Server 2012 | 2018-03-14 | 2.1 LOW | 5.5 MEDIUM |
| The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0761, and CVE-2018-0855. | |||||
| CVE-2017-6200 | 1 Sandstorm | 1 Sandstorm | 2018-03-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name. | |||||
| CVE-2017-13238 | 1 Google | 1 Android | 2018-03-13 | 4.7 MEDIUM | 4.2 MEDIUM |
| In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940. | |||||
| CVE-2017-12555 | 1 Hp | 1 Intelligent Management Center | 2018-03-13 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. | |||||
| CVE-2016-0367 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2018-03-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072. | |||||
| CVE-2018-7056 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2018-03-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action. | |||||
| CVE-2017-12543 | 1 Hp | 5 Integrated Lights-out, Integrated Lights-out 2 Firmware, Integrated Lights-out 3 Firmware and 2 more | 2018-03-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. | |||||
| CVE-2018-0839 | 1 Microsoft | 2 Edge, Windows 10 | 2018-03-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0763. | |||||
| CVE-2016-0343 | 1 Ibm | 1 Tririga Application Platform | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784. | |||||
| CVE-2016-0345 | 1 Ibm | 1 Tririga Application Platform | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786. | |||||
| CVE-2018-6846 | 1 Zblogcn | 1 Z-blogphp | 2018-03-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. | |||||
| CVE-2017-8950 | 1 Hp | 1 Sitescope | 2018-03-06 | 2.1 LOW | 5.5 MEDIUM |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | |||||
| CVE-2017-5795 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 7.1 HIGH | 6.5 MEDIUM |
| A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. | |||||
| CVE-2016-8514 | 1 Hp | 1 Version Control Repository Manager | 2018-03-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | |||||
| CVE-2017-5785 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 6.4 MEDIUM | 6.5 MEDIUM |
| A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-14494 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2018-03-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | |||||
| CVE-2016-8531 | 1 Hp | 1 Matrix Operating Environment | 2018-03-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found. | |||||
| CVE-2017-1785 | 1 Ibm | 1 Api Connect | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. | |||||
| CVE-2013-4317 | 1 Apache | 1 Cloudstack | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | |||||
| CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2018-02-23 | 2.1 LOW | 5.5 MEDIUM |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
| CVE-2012-3331 | 1 Ibm | 1 Sametime | 2018-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. | |||||
| CVE-2015-5310 | 1 Google | 1 Android | 2018-02-22 | 3.3 LOW | 4.3 MEDIUM |
| The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. | |||||
| CVE-2017-1000250 | 1 Bluez | 1 Bluez | 2018-02-17 | 3.3 LOW | 6.5 MEDIUM |
| All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. | |||||
| CVE-2013-7435 | 1 Evergreen-ils | 1 Evergreen | 2018-02-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. | |||||
| CVE-2015-2203 | 1 Evergreen-ils | 1 Evergreen | 2018-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. | |||||
| CVE-2018-6014 | 1 Subsonic | 1 Subsonic | 2018-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. | |||||
| CVE-2017-1000505 | 1 Jenkins | 1 Script Security | 2018-02-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval. | |||||
| CVE-2017-2744 | 1 Hp | 1 Support Assistant | 2018-02-09 | 2.1 LOW | 5.5 MEDIUM |
| The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. | |||||
| CVE-2017-1515 | 1 Ibm | 1 Rational Doors | 2018-02-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. | |||||
| CVE-2017-15713 | 1 Apache | 1 Hadoop | 2018-02-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. | |||||
| CVE-2018-1044 | 1 Moodle | 1 Moodle | 2018-02-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | |||||
| CVE-2017-9796 | 1 Apache | 1 Geode | 2018-02-02 | 3.5 LOW | 5.3 MEDIUM |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | |||||
| CVE-2018-5728 | 1 Cobham | 2 Seatel 121, Seatel 121 Firmware | 2018-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. | |||||
| CVE-2015-7484 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2018-02-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619. | |||||
| CVE-2018-5682 | 1 Prestashop | 1 Prestashop | 2018-01-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. | |||||
| CVE-2014-5394 | 1 Huawei | 24 S2300, S2300 Firmware, S2700 and 21 more | 2018-01-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. | |||||
| CVE-2017-10262 | 1 Oracle | 1 Access Manager | 2018-01-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2016-0704 | 1 Openssl | 1 Openssl | 2018-01-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. | |||||
| CVE-2016-7977 | 1 Artifex | 1 Ghostscript | 2018-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. | |||||
| CVE-2017-0783 | 1 Google | 1 Android | 2018-01-18 | 6.1 MEDIUM | 6.5 MEDIUM |
| A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. | |||||
| CVE-2018-0766 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2018-01-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | |||||
| CVE-2017-1000413 | 1 Linaro | 1 Op-tee | 2018-01-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. | |||||
| CVE-2018-0800 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2018-01-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780. | |||||
| CVE-2016-8939 | 1 Ibm | 1 Tivoli Storage Manager | 2018-01-16 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. | |||||
| CVE-2017-15537 | 1 Linux | 1 Linux Kernel | 2018-01-13 | 2.1 LOW | 5.5 MEDIUM |
| The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. | |||||
| CVE-2017-9554 | 1 Synology | 1 Diskstation Manager | 2018-01-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | |||||
| CVE-2017-17926 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | |||||
| CVE-2017-1698 | 1 Ibm | 1 Websphere Portal | 2018-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. | |||||