Total
7433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5925 | 5 Allwinner, Amd, Intel and 2 more | 20 A64, Athlon Ii 640 X4, E-350 and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | |||||
| CVE-2017-5892 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. | |||||
| CVE-2017-5866 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-5865 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | |||||
| CVE-2017-5811 | 1 Hp | 1 Network Automation | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||||
| CVE-2017-5803 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found. | |||||
| CVE-2017-5801 | 1 Hp | 1 Business Process Monitor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found. | |||||
| CVE-2017-5797 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found. | |||||
| CVE-2017-5795 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. | |||||
| CVE-2017-5788 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found. | |||||
| CVE-2017-5785 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-5754 | 2 Arm, Intel | 209 Cortex-a, Atom C, Atom E and 206 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | |||||
| CVE-2017-5738 | 1 Intel | 1 Unite | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. | |||||
| CVE-2017-5674 | 1 Embedthis | 1 Goahead | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password. | |||||
| CVE-2017-5672 | 1 Kony | 1 Enterprise Mobile Management | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | |||||
| CVE-2017-5670 | 1 Riverbed | 1 Rios | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. | |||||
| CVE-2017-5658 | 1 Apache | 1 Pony Mail | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue. | |||||
| CVE-2017-5655 | 1 Apache | 1 Ambari | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host. | |||||
| CVE-2017-5649 | 1 Apache | 1 Geode | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
| Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster. | |||||
| CVE-2017-5647 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. | |||||