Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1484 | 1 Ibm | 1 Websphere Commerce | 2017-12-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. | |||||
| CVE-2017-17104 | 1 Fiyo | 1 Fiyo Cms | 2017-12-15 | 7.8 HIGH | 7.5 HIGH |
| Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | |||||
| CVE-2017-16369 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2017-12-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc. | |||||
| CVE-2016-6883 | 1 Matrixssl | 1 Matrixssl | 2017-12-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | |||||
| CVE-2016-6311 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | |||||
| CVE-2016-6882 | 1 Matrixssl | 1 Matrixssl | 2017-12-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | |||||
| CVE-2017-1251 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | |||||
| CVE-2017-11273 | 1 Adobe | 1 Digital Editions | 2017-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | |||||
| CVE-2016-6024 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. | |||||
| CVE-2017-1570 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. | |||||
| CVE-2017-3111 | 1 Adobe | 1 Experience Manager | 2017-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | |||||
| CVE-2017-1240 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. | |||||
| CVE-2012-1670 | 1 Phpgradebook | 1 Php Grade Book | 2017-12-13 | 5.0 MEDIUM | N/A |
| admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action. | |||||
| CVE-2012-1920 | 1 Atmail | 1 Atmail Open | 2017-12-13 | 5.0 MEDIUM | N/A |
| @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||||
| CVE-2017-8860 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2017-12-12 | 5.0 MEDIUM | 6.5 MEDIUM |
| Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request. | |||||
| CVE-2017-8863 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2017-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. | |||||
| CVE-2017-2733 | 1 Huawei | 2 Honor 6x, Honor 6x Firmware | 2017-12-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN. | |||||
| CVE-2017-2730 | 2 Apple, Huawei | 3 Iphone Os, Hilink, Tech Support | 2017-12-11 | 2.9 LOW | 3.5 LOW |
| HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version. | |||||
| CVE-2017-2715 | 1 Huawei | 1 Files | 2017-12-11 | 2.1 LOW | 7.8 HIGH |
| The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak. | |||||
| CVE-2016-0739 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2017-12-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | |||||