Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5496 | 1 Sawmill | 1 Sawmill | 2017-08-31 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash. | |||||
| CVE-2017-5521 | 1 Netgear | 26 Ac1450, Ac1450 Firmware, D6220 and 23 more | 2017-08-31 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. | |||||
| CVE-2016-5134 | 1 Google | 1 Chrome | 2017-08-31 | 4.3 MEDIUM | 8.8 HIGH |
| net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. | |||||
| CVE-2016-6310 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-30 | 2.1 LOW | 5.5 MEDIUM |
| oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | |||||
| CVE-2017-1422 | 1 Ibm | 1 Maas360 Dtm | 2017-08-29 | 2.1 LOW | 3.3 LOW |
| IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. | |||||
| CVE-2015-1800 | 1 Samsung | 2 Galaxy S4, Galaxy S4 Firmware | 2017-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | |||||
| CVE-2014-4403 | 1 Apple | 1 Mac Os X | 2017-08-28 | 2.1 LOW | N/A |
| The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | |||||
| CVE-2014-4409 | 1 Apple | 1 Iphone Os | 2017-08-28 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | |||||
| CVE-2014-4426 | 1 Apple | 1 Mac Os X | 2017-08-28 | 4.3 MEDIUM | N/A |
| AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | |||||
| CVE-2014-4439 | 1 Apple | 1 Mac Os X | 2017-08-28 | 4.3 MEDIUM | N/A |
| Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. | |||||
| CVE-2014-4440 | 1 Apple | 1 Mac Os X | 2017-08-28 | 2.6 LOW | N/A |
| The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | |||||
| CVE-2014-4453 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-28 | 5.0 MEDIUM | N/A |
| Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4458 | 1 Apple | 1 Mac Os X | 2017-08-28 | 5.0 MEDIUM | N/A |
| The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4460 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-28 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | |||||
| CVE-2014-4620 | 2 Emc, Meditech | 2 Networker, Meditech | 2017-08-28 | 2.1 LOW | N/A |
| The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2014-4761 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 4.0 MEDIUM | N/A |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
| CVE-2014-4746 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests. | |||||
| CVE-2014-4750 | 1 Ibm | 1 Powervc | 2017-08-28 | 2.9 LOW | N/A |
| IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2014-4766 | 1 Ibm | 1 Classic Meeting Server | 2017-08-28 | 5.0 MEDIUM | N/A |
| IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file. | |||||
| CVE-2014-4781 | 1 Ibm | 1 Infosphere Biginsights | 2017-08-28 | 5.0 MEDIUM | N/A |
| The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. | |||||