Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0652 | 1 Apple | 1 Mac Os X | 2017-12-04 | 4.9 MEDIUM | N/A |
| Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2017-1000226 | 1 Fullworks | 1 Stop User Enumeration | 2017-12-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Stop User Enumeration 1.3.8 allows user enumeration via the REST API | |||||
| CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2017-12-04 | 1.9 LOW | N/A |
| The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | |||||
| CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2017-12-04 | 5.0 MEDIUM | N/A |
| NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | |||||
| CVE-2017-15517 | 1 Netapp | 1 Altavault Ost Plug-in | 2017-12-04 | 2.1 LOW | 5.5 MEDIUM |
| AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. | |||||
| CVE-2017-1088 | 1 Freebsd | 1 Freebsd | 2017-12-02 | 2.1 LOW | 3.3 LOW |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace. | |||||
| CVE-2017-1086 | 1 Freebsd | 1 Freebsd | 2017-12-02 | 2.1 LOW | 3.3 LOW |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace. | |||||
| CVE-2017-1000199 | 1 Tcmu-runner Project | 1 Tcmu-runner | 2017-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | |||||
| CVE-2017-11853 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-12-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. | |||||
| CVE-2017-11852 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2017-12-01 | 1.9 LOW | 4.7 MEDIUM |
| Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability". | |||||
| CVE-2017-11849 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-12-01 | 1.9 LOW | 4.7 MEDIUM |
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853. | |||||
| CVE-2017-9701 | 1 Google | 1 Android | 2017-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. | |||||
| CVE-2017-16540 | 1 Open-emr | 1 Openemr | 2017-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter. | |||||
| CVE-2017-11835 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2017-11-30 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | |||||
| CVE-2017-11028 | 1 Google | 1 Android | 2017-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data(). | |||||
| CVE-2017-11022 | 1 Google | 1 Android | 2017-11-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file. | |||||
| CVE-2017-12737 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2017-11-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network. | |||||
| CVE-2017-9369 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | |||||
| CVE-2017-3892 | 1 Blackberry | 1 Qnx Software Development Platform | 2017-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | |||||
| CVE-2017-10267 | 1 Oracle | 1 Tuxedo | 2017-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||