Total: 6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7886 | 1 Netapp | 1 Data Ontap | 2017-11-15 | 4.3 MEDIUM | 3.7 LOW |
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors. | |||||
CVE-2015-8020 | 1 Netapp | 1 Clustered Data Ontap | 2017-11-15 | 4.3 MEDIUM | 3.7 LOW |
Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | |||||
CVE-2015-8544 | 1 Netapp | 1 Snapdrive | 2017-11-15 | 5.0 MEDIUM | 7.5 HIGH |
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-1563 | 1 Netapp | 1 Clustered Data Ontap | 2017-11-15 | 5.8 MEDIUM | 6.8 MEDIUM |
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-3064 | 1 Netapp | 1 Clustered Data Ontap | 2017-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | |||||
CVE-2017-1000143 | 1 Mahara | 1 Mahara | 2017-11-15 | 4.0 MEDIUM | 4.3 MEDIUM |
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. | |||||
CVE-2016-0270 | 1 Ibm | 3 Client Application Access, Domino, Notes | 2017-11-14 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. | |||||
CVE-2017-12855 | 1 Xen | 1 Xen | 2017-11-14 | 2.1 LOW | 6.5 MEDIUM |
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. | |||||
CVE-2014-3508 | 1 Openssl | 1 Openssl | 2017-11-14 | 4.3 MEDIUM | N/A |
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. | |||||
CVE-2017-15937 | 1 Artica | 1 Pandora Fms | 2017-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). | |||||
CVE-2017-1583 | 1 Ibm | 1 Liberty | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | |||||
CVE-2017-1295 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-11-13 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM RSA DM contains an unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. | |||||
CVE-2017-1241 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-11-13 | 4.0 MEDIUM | 4.3 MEDIUM |
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. | |||||
CVE-2017-1000151 | 1 Mahara | 1 Mahara | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. | |||||
CVE-2017-1000155 | 1 Mahara | 1 Mahara | 2017-11-13 | 4.0 MEDIUM | 4.3 MEDIUM |
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages. | |||||
CVE-2017-1000157 | 1 Mahara | 1 Mahara | 2017-11-13 | 3.5 LOW | 4.4 MEDIUM |
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. | |||||
CVE-2017-1000133 | 1 Mahara | 1 Mahara | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2a export of their own pages. | |||||
CVE-2017-9368 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. | |||||
CVE-2017-2131 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2017-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. | |||||
CVE-2014-8491 | 1 Codeasily | 1 Grand Flagallery | 2017-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php. |