Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8498 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-06-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504. | |||||
| CVE-2017-8474 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2017-06-20 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2017-6695 | 1 Cisco | 1 Ultra Services Platform | 2017-06-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. | |||||
| CVE-2017-6697 | 1 Cisco | 1 Elastic Services Controller | 2017-06-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-6696 | 1 Cisco | 1 Elastic Services Controller | 2017-06-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). | |||||
| CVE-2017-6691 | 1 Cisco | 1 Elastic Services Controller | 2017-06-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). | |||||
| CVE-2015-2253 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2017-06-20 | 3.5 LOW | 5.0 MEDIUM |
| The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | |||||
| CVE-2015-2251 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2017-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | |||||
| CVE-2017-1099 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-06-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. | |||||
| CVE-2016-7814 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2017-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | |||||
| CVE-2015-3634 | 1 Slideshow Project | 1 Slideshow | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. | |||||
| CVE-2016-3095 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2017-06-15 | 2.1 LOW | 5.5 MEDIUM |
| server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||||
| CVE-2016-7832 | 1 Cybozu | 1 Dezie | 2017-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||||
| CVE-2017-2180 | 1 Ipa | 1 Appgoat | 2017-06-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | |||||
| CVE-2016-9710 | 1 Ibm | 1 Cognos Business Intelligence Server | 2017-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618. | |||||
| CVE-2017-7313 | 1 Personify | 1 Personify360 E-business | 2017-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required. | |||||
| CVE-2015-7514 | 1 Openstack | 1 Ironic | 2017-06-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. | |||||
| CVE-2016-9736 | 1 Ibm | 1 Websphere Application Server | 2017-06-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | |||||
| CVE-2016-5959 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-06-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136. | |||||
| CVE-2016-5960 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-06-13 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171. | |||||