Total
9887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6200 | 1 Sandstorm | 1 Sandstorm | 2024-11-21 | N/A |
| Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name. | ||||
| CVE-2017-5811 | 1 Hp | 1 Network Automation | 2024-11-21 | N/A |
| A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||||
| CVE-2017-5803 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-11-21 | N/A |
| A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found. | ||||
| CVE-2017-5801 | 1 Hp | 1 Business Process Monitor | 2024-11-21 | N/A |
| A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found. | ||||
| CVE-2017-5797 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found. | ||||
| CVE-2017-5795 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. | ||||
| CVE-2017-5788 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-11-21 | N/A |
| A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found. | ||||
| CVE-2017-5785 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | N/A |
| A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. | ||||
| CVE-2017-5754 | 3 Arm, Intel, Redhat | 218 Cortex-a, Atom C, Atom E and 215 more | 2024-11-21 | N/A |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | ||||
| CVE-2017-5658 | 1 Apache | 1 Pony Mail | 2024-11-21 | N/A |
| The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue. | ||||
| CVE-2017-5425 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2024-11-21 | N/A |
| The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5414 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-21 | N/A |
| The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5385 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. | ||||
| CVE-2017-5384 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51. | ||||
| CVE-2017-5382 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. | ||||
| CVE-2017-5210 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. | ||||
| CVE-2017-5188 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | ||||
| CVE-2017-4948 | 1 Vmware | 2 Horizon View, Workstation | 2024-11-21 | N/A |
| VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | ||||
| CVE-2017-3972 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. | ||||
| CVE-2017-3776 | 1 Lenovo | 1 Lenovo Help | 2024-11-21 | N/A |
| Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | ||||