Total
10178 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11814 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | N/A |
| The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785. | ||||
| CVE-2017-11833 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | ||||
| CVE-2017-11834 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2025-04-20 | N/A |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791. | ||||
| CVE-2017-11851 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-20 | N/A |
| The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853. | ||||
| CVE-2017-12083 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | N/A |
| An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. | ||||
| CVE-2017-12216 | 1 Cisco | 1 Socialminer | 2025-04-20 | N/A |
| A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. | ||||
| CVE-2017-12224 | 1 Cisco | 1 Meeting Server | 2025-04-20 | N/A |
| A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873. | ||||
| CVE-2017-17734 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | N/A |
| CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | ||||
| CVE-2017-17735 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | N/A |
| CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | ||||
| CVE-2017-12734 | 1 Siemens | 2 Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware | 2025-04-20 | 7.5 High |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks. | ||||
| CVE-2017-12737 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2025-04-20 | N/A |
| An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network. | ||||
| CVE-2017-12855 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. | ||||
| CVE-2017-1333 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | N/A |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. | ||||
| CVE-2017-1346 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | N/A |
| IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | ||||
| CVE-2017-1353 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | N/A |
| IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680. | ||||
| CVE-2017-1355 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | N/A |
| IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682. | ||||
| CVE-2017-13664 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2025-04-20 | N/A |
| Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. | ||||
| CVE-2017-13701 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2025-04-20 | N/A |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. | ||||
| CVE-2017-13805 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state. | ||||
| CVE-2017-13852 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. | ||||