Search
Total
3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0598 | 1 Google | 1 Android | 2017-05-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677. | |||||
| CVE-2016-10293 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943. | |||||
| CVE-2016-10296 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782. | |||||
| CVE-2017-0626 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050. | |||||
| CVE-2017-0632 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915. | |||||
| CVE-2017-0633 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131. | |||||
| CVE-2017-0631 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232. | |||||
| CVE-2017-0624 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832. | |||||
| CVE-2017-0628 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833. | |||||
| CVE-2017-0630 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. | |||||
| CVE-2017-0634 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682. | |||||
| CVE-2017-0629 | 1 Linux | 1 Linux Kernel | 2017-05-19 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833. | |||||
| CVE-2016-8916 | 1 Ibm | 1 Tivoli Storage Manager | 2017-05-17 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. | |||||
| CVE-2017-8878 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2017-05-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | |||||
| CVE-2017-8877 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2017-05-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | |||||
| CVE-2016-0382 | 1 Ibm | 1 Tealeaf Consumer Experience | 2017-05-12 | 2.1 LOW | 4.0 MEDIUM |
| The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. | |||||
| CVE-2016-4442 | 1 Miniprofiler | 1 Rack-mini-profiler | 2017-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. | |||||
| CVE-2016-5810 | 1 Advantech | 1 Webaccess | 2017-05-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | |||||
| CVE-2017-2103 | 1 K-opticom Corporation | 1 Lala Call | 2017-05-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-1141 | 1 Ibm | 1 Insights Foundation For Energy | 2017-05-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | |||||
| CVE-2017-2105 | 1 Presentcast Inc | 1 Tver | 2017-05-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-2104 | 1 K-opticom Corporation | 1 Business Lala Call | 2017-05-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-3560 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2017-05-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-3552 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2017-05-04 | 3.5 LOW | 4.3 MEDIUM |
| Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-2093 | 1 Cybozu | 1 Garoon | 2017-05-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | |||||
| CVE-2017-8057 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. | |||||
| CVE-2017-7983 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | |||||
| CVE-2016-8271 | 1 Huawei | 2 Espace Iad, Espace Iad Firmware | 2017-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | |||||
| CVE-2017-2326 | 1 Juniper | 1 Northstar Controller | 2017-04-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. | |||||
| CVE-2016-1187 | 1 Cybozu | 1 Kunai | 2017-04-27 | 4.3 MEDIUM | 6.8 MEDIUM |
| Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. | |||||
| CVE-2017-2318 | 1 Juniper | 1 Northstar Controller | 2017-04-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges. | |||||
| CVE-2017-2328 | 1 Juniper | 1 Northstar Controller | 2017-04-27 | 2.1 LOW | 5.5 MEDIUM |
| An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller. | |||||
| CVE-2016-3702 | 1 Redhat | 1 Cloudforms Management Engine | 2017-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | |||||
| CVE-2016-8923 | 1 Ibm | 1 Curam Social Program Management | 2017-04-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. | |||||
| CVE-2016-9978 | 1 Ibm | 1 Curam Social Program Management | 2017-04-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | |||||
| CVE-2016-6341 | 1 Ovirt | 1 Ovirt | 2017-04-25 | 2.1 LOW | 5.5 MEDIUM |
| oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. | |||||
| CVE-2016-4842 | 1 Cybozu | 1 Mailwise | 2017-04-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | |||||
| CVE-2016-4844 | 1 Cybozu | 1 Mailwise | 2017-04-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | |||||
| CVE-2016-7060 | 1 Redhat | 1 Quickstart Cloud Installer | 2017-04-25 | 2.1 LOW | 4.6 MEDIUM |
| The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
| CVE-2017-7282 | 1 Unitrends | 1 Enterprise Backup | 2017-04-25 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). | |||||
| CVE-2016-4843 | 1 Cybozu | 1 Mailwise | 2017-04-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. | |||||
| CVE-2016-3037 | 1 Ibm | 1 Cognos Business Intelligence | 2017-04-21 | 3.5 LOW | 5.7 MEDIUM |
| IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613. | |||||
| CVE-2016-8926 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. | |||||
| CVE-2016-8925 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. | |||||
| CVE-2016-8724 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. | |||||
| CVE-2016-8725 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | |||||
| CVE-2016-8722 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | |||||
| CVE-2017-7345 | 1 Netapp | 1 Clustered Data Ontap | 2017-04-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2017-04-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | |||||
| CVE-2017-5672 | 1 Kony | 1 Enterprise Mobile Management | 2017-04-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | |||||