Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5045 | 1 Netapp | 1 Oncommand System Manager | 2017-07-05 | 6.8 MEDIUM | 8.1 HIGH |
| NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | |||||
| CVE-2017-9731 | 1 Yocto Project | 1 Yp Core-pyro | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package. | |||||
| CVE-2017-8575 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability." | |||||
| CVE-2017-8554 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-07-03 | 1.9 LOW | 4.7 MEDIUM |
| The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. | |||||
| CVE-2016-9852 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. | |||||
| CVE-2016-9848 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9854 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue. | |||||
| CVE-2016-9853 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. | |||||
| CVE-2016-6612 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-6610 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-6627 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-7555 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. | |||||
| CVE-2016-6625 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-9855 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. | |||||
| CVE-2016-6606 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 8.1 HIGH |
| An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-6613 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 2.1 LOW | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2015-7981 | 4 Canonical, Debian, Libpng and 1 more | 10 Ubuntu Linux, Debian Linux, Libpng and 7 more | 2017-07-01 | 5.0 MEDIUM | N/A |
| The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. | |||||
| CVE-2016-2849 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. | |||||
| CVE-2015-3187 | 2 Apache, Apple | 2 Subversion, Xcode | 2017-07-01 | 4.0 MEDIUM | N/A |
| The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. | |||||
| CVE-2015-7628 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2017-07-01 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | |||||