Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8281 | 1 Google | 1 Android | 2017-12-06 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | |||||
| CVE-2017-1000380 | 1 Linux | 1 Linux Kernel | 2017-12-06 | 2.1 LOW | 5.5 MEDIUM |
| sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. | |||||
| CVE-2012-1464 | 1 Netmechanica | 1 Netdecision | 2017-12-06 | 5.0 MEDIUM | N/A |
| Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2017-11832 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Server 2012 | 2017-12-05 | 1.9 LOW | 4.7 MEDIUM |
| The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835. | |||||
| CVE-2017-11880 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-12-05 | 1.9 LOW | 4.7 MEDIUM |
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831. | |||||
| CVE-2012-0652 | 1 Apple | 1 Mac Os X | 2017-12-05 | 4.9 MEDIUM | N/A |
| Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2012-0651 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-12-05 | 5.0 MEDIUM | N/A |
| The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | |||||
| CVE-2017-1000226 | 1 Fullworks | 1 Stop User Enumeration | 2017-12-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Stop User Enumeration 1.3.8 allows user enumeration via the REST API | |||||
| CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2017-12-04 | 1.9 LOW | N/A |
| The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | |||||
| CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2017-12-04 | 5.0 MEDIUM | N/A |
| NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | |||||
| CVE-2017-15517 | 1 Netapp | 1 Altavault Ost Plug-in | 2017-12-04 | 2.1 LOW | 5.5 MEDIUM |
| AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. | |||||
| CVE-2017-1088 | 1 Freebsd | 1 Freebsd | 2017-12-02 | 2.1 LOW | 3.3 LOW |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace. | |||||
| CVE-2017-1086 | 1 Freebsd | 1 Freebsd | 2017-12-02 | 2.1 LOW | 3.3 LOW |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace. | |||||
| CVE-2017-1000199 | 1 Tcmu-runner Project | 1 Tcmu-runner | 2017-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | |||||
| CVE-2017-11853 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-12-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. | |||||
| CVE-2017-11852 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2017-12-01 | 1.9 LOW | 4.7 MEDIUM |
| Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability". | |||||
| CVE-2017-11849 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-12-01 | 1.9 LOW | 4.7 MEDIUM |
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853. | |||||
| CVE-2017-9701 | 1 Google | 1 Android | 2017-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. | |||||
| CVE-2017-16540 | 1 Open-emr | 1 Openemr | 2017-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter. | |||||
| CVE-2017-11835 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2017-11-30 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | |||||