Total: 6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2015-5310 | 1 Google | 1 Android | 2018-02-21 | 3.3 LOW | 4.3 MEDIUM | The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. |
CVE-2017-1000250 | 1 Bluez | 1 Bluez | 2018-02-16 | 3.3 LOW | 6.5 MEDIUM | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. |
CVE-2013-7435 | 1 Evergreen-ils | 1 Evergreen | 2018-02-16 | 4.0 MEDIUM | 6.5 MEDIUM | The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. |
CVE-2018-6008 | 1 Joomlatag | 1 Jtag Members Directory | 2018-02-15 | 5.0 MEDIUM | 7.5 HIGH | Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. |
CVE-2015-2203 | 1 Evergreen-ils | 1 Evergreen | 2018-02-15 | 4.0 MEDIUM | 6.5 MEDIUM | Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. |
CVE-2015-2204 | 1 Evergreen-ils | 1 Evergreen | 2018-02-15 | 5.0 MEDIUM | 7.5 HIGH | Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. |
CVE-2016-0312 | 1 Ibm | 1 Tririga Application Platform | 2018-02-14 | 5.0 MEDIUM | 7.5 HIGH | IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. |
CVE-2014-9970 | 1 Jasypt Project | 1 Jasypt | 2018-02-13 | 5.0 MEDIUM | 7.5 HIGH | jasypt before 1.9.2 allows a timing attack against the password hash comparison. |
CVE-2018-6014 | 1 Subsonic | 1 Subsonic | 2018-02-13 | 4.3 MEDIUM | 6.5 MEDIUM | Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. |
CVE-2018-5319 | 1 Ravpower | 1 Filehub Firmware | 2018-02-12 | 5.0 MEDIUM | 7.5 HIGH | RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. |
CVE-2018-6015 | 1 Icegram | 1 Email Subscribers & Newsletters | 2018-02-12 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. |
CVE-2017-1681 | 1 Ibm | 1 Liberty | 2018-02-09 | 2.1 LOW | 3.3 LOW | IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003. |
CVE-2017-1000505 | 1 Jenkins | 1 Script Security | 2018-02-09 | 4.0 MEDIUM | 6.5 MEDIUM | In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval. |
CVE-2017-2744 | 1 Hp | 1 Support Assistant | 2018-02-09 | 2.1 LOW | 5.5 MEDIUM | The vulnerability allows an attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. |
CVE-2017-1515 | 1 Ibm | 1 Rational Doors | 2018-02-08 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. |
CVE-2017-15713 | 1 Apache | 1 Hadoop | 2018-02-06 | 4.0 MEDIUM | 6.5 MEDIUM | Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. |
CVE-2018-1044 | 1 Moodle | 1 Moodle | 2018-02-05 | 4.0 MEDIUM | 4.3 MEDIUM | In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. |
CVE-2018-5726 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2018-02-05 | 5.0 MEDIUM | 9.8 CRITICAL | MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. |
CVE-2012-3353 | 1 Apache | 1 Sling Jcr Contentloader | 2018-02-05 | 5.0 MEDIUM | 7.5 HIGH | The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader. |
CVE-2017-13206 | 1 Google | 1 Android | 2018-02-02 | 5.0 MEDIUM | 7.5 HIGH | An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048. |