Total
7433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6706 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-11-21 | 3.6 LOW | 5.1 MEDIUM |
| A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. | |||||
| CVE-2017-6705 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. | |||||
| CVE-2017-6697 | 1 Cisco | 1 Elastic Services Controller | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-6696 | 1 Cisco | 1 Elastic Services Controller | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). | |||||
| CVE-2017-6695 | 1 Cisco | 1 Ultra Services Platform | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. | |||||
| CVE-2017-6691 | 1 Cisco | 1 Elastic Services Controller | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). | |||||
| CVE-2017-6681 | 1 Cisco | 1 Ultra Services Framework | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-6651 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950. | |||||
| CVE-2017-6647 | 1 Cisco | 1 Remote Expert Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875. | |||||
| CVE-2017-6646 | 1 Cisco | 1 Remote Expert Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866 CSCvc52868. | |||||
| CVE-2017-6645 | 1 Cisco | 1 Remote Expert Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861. | |||||
| CVE-2017-6644 | 1 Cisco | 1 Remote Expert Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860. | |||||
| CVE-2017-6643 | 1 Cisco | 1 Remote Expert Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52858. | |||||
| CVE-2017-6642 | 1 Cisco | 1 Remote Expert Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856. | |||||
| CVE-2017-6626 | 1 Cisco | 1 Unified Contact Center Enterprise | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314. | |||||
| CVE-2017-6621 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626. | |||||
| CVE-2017-6614 | 1 Cisco | 1 Findit Network Probe | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628. | |||||
| CVE-2017-6514 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring. | |||||
| CVE-2017-6426 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842. | |||||
| CVE-2017-6425 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689. | |||||