Search
Total
3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0793 | 1 Google | 1 Android | 2017-09-15 | 7.1 HIGH | 5.5 MEDIUM |
| A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. | |||||
| CVE-2017-0779 | 1 Google | 1 Android | 2017-09-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. | |||||
| CVE-2017-0776 | 1 Google | 1 Android | 2017-09-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. | |||||
| CVE-2017-0777 | 1 Google | 1 Android | 2017-09-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. | |||||
| CVE-2015-6250 | 1 Simple-php-captcha Project | 1 Simple-php-captcha | 2017-09-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. | |||||
| CVE-2017-0792 | 1 Google | 1 Android | 2017-09-12 | 3.3 LOW | 6.5 MEDIUM |
| A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. | |||||
| CVE-2015-5677 | 1 Freebsd | 1 Freebsd | 2017-09-10 | 2.1 LOW | 5.5 MEDIUM |
| bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. | |||||
| CVE-2017-9150 | 1 Linux | 1 Linux Kernel | 2017-09-09 | 2.1 LOW | 5.5 MEDIUM |
| The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. | |||||
| CVE-2017-7495 | 1 Linux | 1 Linux Kernel | 2017-09-09 | 2.1 LOW | 5.5 MEDIUM |
| fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. | |||||
| CVE-2017-9978 | 1 Osnexus | 1 Quantastor | 2017-09-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames. | |||||
| CVE-2017-11356 | 1 Pega | 1 Pega Platform | 2017-09-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control. | |||||
| CVE-2016-2971 | 1 Ibm | 1 Sametime | 2017-09-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. | |||||
| CVE-2016-2969 | 1 Ibm | 1 Sametime | 2017-09-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | |||||
| CVE-2017-12870 | 1 Simplesamlphp | 1 Simplesamlphp | 2017-09-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | |||||
| CVE-2016-2970 | 1 Ibm | 1 Sametime | 2017-09-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | |||||
| CVE-2016-0358 | 1 Ibm | 1 Sametime | 2017-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | |||||
| CVE-2016-2966 | 1 Ibm | 1 Sametime | 2017-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | |||||
| CVE-2016-2964 | 1 Ibm | 1 Sametime | 2017-09-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. | |||||
| CVE-2016-2976 | 1 Ibm | 1 Sametime | 2017-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. | |||||
| CVE-2016-6435 | 1 Cisco | 1 Firepower Management Center | 2017-09-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |||||
| CVE-2016-6689 | 1 Google | 1 Android | 2017-09-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347. | |||||
| CVE-2017-1110 | 1 Ibm | 1 Curam Social Program Management | 2017-09-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915. | |||||
| CVE-2013-7431 | 1 Mapsplugin | 1 Googlemaps | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!. | |||||
| CVE-2016-3649 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. | |||||
| CVE-2016-4646 | 1 Apple | 1 Mac Os X | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | |||||
| CVE-2016-4648 | 1 Apple | 1 Mac Os X | 2017-09-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2017-0038 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2017-09-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220. | |||||
| CVE-2016-0338 | 1 Ibm | 1 Security Identity Manager Adapter | 2017-09-01 | 2.1 LOW | 6.2 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process. | |||||
| CVE-2016-0899 | 1 Emc | 1 Rsa Archer Egrc | 2017-09-01 | 3.5 LOW | 6.3 MEDIUM |
| EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files. | |||||
| CVE-2016-1452 | 1 Cisco | 2 Asr 5000, Asr 5000 Software | 2017-09-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | |||||
| CVE-2017-5487 | 1 Wordpress | 1 Wordpress | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. | |||||
| CVE-2016-1864 | 1 Apple | 2 Iphone Os, Safari | 2017-09-01 | 5.0 MEDIUM | 4.3 MEDIUM |
| The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | |||||
| CVE-2016-2079 | 1 Vmware | 2 Nsx Edge, Vcloud Networking And Security Edge | 2017-09-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4595 | 1 Apple | 1 Mac Os X | 2017-09-01 | 2.1 LOW | 4.6 MEDIUM |
| Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure. | |||||
| CVE-2016-4628 | 1 Apple | 2 Iphone Os, Watchos | 2017-09-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-4635 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-01 | 3.5 LOW | 5.3 MEDIUM |
| FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | |||||
| CVE-2016-5137 | 1 Google | 1 Chrome | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. | |||||
| CVE-2016-5306 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. | |||||
| CVE-2016-6310 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-30 | 2.1 LOW | 5.5 MEDIUM |
| oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | |||||
| CVE-2016-2958 | 1 Ibm | 1 Connections | 2017-08-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. | |||||
| CVE-2017-6778 | 1 Cisco | 1 Ultra Services Platform | 2017-08-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839. | |||||
| CVE-2017-6783 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2017-08-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance). | |||||
| CVE-2017-6784 | 1 Cisco | 6 Small Business Rv340, Small Business Rv340 Firmware, Small Business Rv345 and 3 more | 2017-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16. | |||||
| CVE-2017-1501 | 1 Ibm | 1 Websphere Application Server | 2017-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. | |||||
| CVE-2017-6786 | 1 Cisco | 1 Elastic Services Controller | 2017-08-24 | 4.6 MEDIUM | 6.3 MEDIUM |
| A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-8254 | 1 Google | 1 Android | 2017-08-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | |||||
| CVE-2017-6777 | 1 Cisco | 1 Elastic Services Controller | 2017-08-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2). | |||||
| CVE-2017-6772 | 1 Cisco | 1 Elastic Services Controller | 2017-08-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2). | |||||
| CVE-2017-9682 | 1 Google | 1 Android | 2017-08-22 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | |||||
| CVE-2017-10084 | 1 Oracle | 1 Flexcube Universal Banking | 2017-08-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Report Generator). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||