Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5383 | 1 Roundcube | 2 Roundcube Webmail, Webmail | 2025-04-20 | N/A |
| Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. | ||||
| CVE-2017-7978 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | N/A |
| Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. | ||||
| CVE-2015-1849 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-20 | N/A |
| AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | ||||
| CVE-2017-8121 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | ||||
| CVE-2017-7683 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | ||||
| CVE-2016-5014 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. | ||||
| CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2025-04-20 | N/A |
| An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | ||||
| CVE-2017-8130 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | ||||
| CVE-2017-7488 | 2 Authconfig Project, Redhat | 2 Authconfig, Enterprise Linux | 2025-04-20 | N/A |
| Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. | ||||
| CVE-2017-7455 | 1 Moxa | 1 Mxview | 2025-04-20 | N/A |
| Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | ||||
| CVE-2017-7575 | 1 Schneider-electric | 2 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware | 2025-04-20 | N/A |
| Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. | ||||
| CVE-2017-7313 | 1 Personify | 1 Personify360 E-business | 2025-04-20 | N/A |
| An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required. | ||||
| CVE-2016-8313 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts). | ||||
| CVE-2017-7415 | 1 Atlassian | 1 Confluence Server | 2025-04-20 | N/A |
| Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | ||||
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2025-04-20 | N/A |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | ||||
| CVE-2017-8239 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. | ||||
| CVE-2017-8449 | 1 Elastic | 1 X-pack | 2025-04-20 | N/A |
| X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index. | ||||
| CVE-2017-7090 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. | ||||
| CVE-2016-4976 | 1 Apache | 1 Ambari | 2025-04-20 | N/A |
| Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | ||||
| CVE-2017-7113 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event. | ||||