Total
10441 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-3884 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-04-20 | N/A |
| A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | ||||
| CVE-2017-11145 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-20 | N/A |
| In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist. | ||||
| CVE-2017-3871 | 1 Cisco | 1 Prime Optical | 2025-04-20 | N/A |
| A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1). | ||||
| CVE-2017-3805 | 1 Cisco | 1 Iox | 2025-04-20 | N/A |
| A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0). | ||||
| CVE-2017-3560 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2025-04-20 | N/A |
| Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2016-9165 | 1 Ca | 2 Unified Infrastructure Management, Unified Infrastructure Management Snap | 2025-04-20 | N/A |
| The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. | ||||
| CVE-2017-3764 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. | ||||
| CVE-2017-3743 | 1 Lenovo | 3 Advanced Settings Utility, Toolscenter Dynamic System Analysis, Updatexpress System Pack Installer | 2025-04-20 | N/A |
| If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. | ||||
| CVE-2017-3842 | 1 Cisco | 1 Intrusion Prevention System Device Manager | 2025-04-20 | N/A |
| A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7. | ||||
| CVE-2017-3841 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | N/A |
| A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). | ||||
| CVE-2017-3315 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Eperformance | 2025-04-20 | N/A |
| Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM ePerformance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM ePerformance accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). | ||||
| CVE-2017-3797 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | N/A |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7. | ||||
| CVE-2017-3111 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | ||||
| CVE-2017-3110 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | ||||
| CVE-2017-3087 | 1 Adobe | 1 Captivate | 2025-04-20 | N/A |
| Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. | ||||
| CVE-2017-3067 | 1 Adobe | 1 Experience Manager Forms | 2025-04-20 | N/A |
| Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. | ||||
| CVE-2016-5076 | 1 Cloudviewnms | 1 Cloudview Nms | 2025-04-20 | N/A |
| CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. | ||||
| CVE-2017-2686 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | ||||
| CVE-2017-2685 | 1 Siemens | 3 Sinumerik Integrate Access Mymachine\/ethernet, Sinumerik Integrate Operate Client, Sinumerik Operate | 2025-04-20 | N/A |
| Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | ||||
| CVE-2017-2550 | 1 Kubik-rubik | 1 Easy Joomla Backup | 2025-04-20 | N/A |
| Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. | ||||