Export limit exceeded: 10766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1000151 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
CVE-2017-1000157 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
CVE-2017-14494 5 Canonical, Debian, Novell and 2 more 9 Ubuntu Linux, Debian Linux, Leap and 6 more 2025-04-20 N/A
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVE-2017-1000362 1 Jenkins 1 Jenkins 2025-04-20 N/A
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
CVE-2016-4839 1 Moneyforward 10 Money Forward For Apppass, Money Forward For Au Smartpass, Money Forward For Chou Houdai and 7 more 2025-04-20 5.5 Medium
The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.
CVE-2016-4869 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
CVE-2016-4872 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
CVE-2017-1002100 1 Kubernetes 1 Kubernetes 2025-04-20 N/A
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
CVE-2017-2730 2 Apple, Huawei 3 Iphone Os, Hilink, Tech Support 2025-04-20 N/A
HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.
CVE-2016-4992 1 Redhat 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more 2025-04-20 N/A
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
CVE-2016-5014 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
CVE-2017-15098 3 Debian, Postgresql, Redhat 3 Debian Linux, Postgresql, Rhel Software Collections 2025-04-20 N/A
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
CVE-2017-15099 3 Debian, Postgresql, Redhat 3 Debian Linux, Postgresql, Rhel Software Collections 2025-04-20 N/A
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
CVE-2017-2732 1 Huawei 1 Hilink 2025-04-20 N/A
Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data.
CVE-2017-15236 1 Tiandy 2 Tiandy Ip Camera, Tiandy Ip Camera Firmware 2025-04-20 N/A
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
CVE-2017-15277 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2025-04-20 N/A
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVE-2017-10164 1 Oracle 1 Peoplesoft Enterprise Fin Staffing Front Office 2025-04-20 N/A
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2017-2685 1 Siemens 3 Sinumerik Integrate Access Mymachine\/ethernet, Sinumerik Integrate Operate Client, Sinumerik Operate 2025-04-20 N/A
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.
CVE-2017-10280 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-20 N/A
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE-2017-1538 1 Ibm 1 Financial Transaction Manager 2025-04-20 N/A
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.