Total
10326 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0814 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140. | ||||
| CVE-2017-15597 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out. | ||||
| CVE-2017-0009 | 1 Microsoft | 1 Internet Explorer | 2025-04-20 | N/A |
| Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068. | ||||
| CVE-2017-0808 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. | ||||
| CVE-2017-0049 | 1 Microsoft | 1 Internet Explorer | 2025-04-20 | N/A |
| The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037. | ||||
| CVE-2017-0792 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. | ||||
| CVE-2017-5670 | 1 Riverbed | 1 Rios | 2025-04-20 | N/A |
| Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. | ||||
| CVE-2017-0779 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. | ||||
| CVE-2017-0777 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. | ||||
| CVE-2017-0739 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181. | ||||
| CVE-2017-0698 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458. | ||||
| CVE-2014-9970 | 2 Jasypt Project, Redhat | 8 Jasypt, Enterprise Linux, Jboss Bpms and 5 more | 2025-04-20 | N/A |
| jasypt before 1.9.2 allows a timing attack against the password hash comparison. | ||||
| CVE-2016-4976 | 1 Apache | 1 Ambari | 2025-04-20 | N/A |
| Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | ||||
| CVE-2017-5672 | 1 Kony | 1 Enterprise Mobile Management | 2025-04-20 | N/A |
| Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | ||||
| CVE-2017-3292 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | N/A |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 5.7 (Confidentiality impacts). | ||||
| CVE-2016-8271 | 1 Huawei | 2 Espace Iad, Espace Iad Firmware | 2025-04-20 | N/A |
| Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | ||||
| CVE-2016-4950 | 1 Cloudera | 1 Manager | 2025-04-20 | N/A |
| Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | ||||
| CVE-2017-3296 | 1 Oracle | 1 Commerce Platform | 2025-04-20 | N/A |
| Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). | ||||
| CVE-2016-4947 | 1 Cloudera | 1 Hue | 2025-04-20 | N/A |
| Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. | ||||
| CVE-2017-0651 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. | ||||