Total
7433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7787 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2017-7768 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||
| CVE-2017-7759 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54. | |||||
| CVE-2017-7738 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. | |||||
| CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||||
| CVE-2017-7686 | 1 Apache | 1 Ignite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information. | |||||
| CVE-2017-7683 | 1 Apache | 1 Openmeetings | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | |||||
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | |||||
| CVE-2017-7644 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. | |||||
| CVE-2017-7633 | 1 Qnap | 1 Qfinder Pro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device. | |||||
| CVE-2017-7630 | 1 Qnap | 1 Qts | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi. | |||||
| CVE-2017-7589 | 1 Openidm Project | 1 Openidm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | |||||
| CVE-2017-7575 | 1 Schneider-electric | 2 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. | |||||
| CVE-2017-7568 | 1 Netapp | 1 Oncommand Unified Manager | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | |||||
| CVE-2017-7531 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.3, the course overview block reveals activities in hidden courses. | |||||
| CVE-2017-7510 | 1 Redhat | 1 Ovirt-engine | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. | |||||
| CVE-2017-7495 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. | |||||
| CVE-2017-7488 | 1 Authconfig Project | 1 Authconfig | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. | |||||
| CVE-2017-7486 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | |||||
| CVE-2017-7484 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. | |||||