Search Results (10810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6642 1 Cisco 1 Remote Expert Manager 2025-04-20 N/A
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856.
CVE-2017-6651 1 Cisco 1 Webex Meetings Server 2025-04-20 N/A
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.
CVE-2017-7644 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541.
CVE-2017-12857 1 Polycom 4 Realpresence Trio, Soundstation Ip, Unified Communications Software and 1 more 2025-04-20 N/A
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
CVE-2017-12872 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2025-04-20 N/A
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
CVE-2017-7923 1 Hikvision 116 Ds-2cd2032-i, Ds-2cd2032-i Firmware, Ds-2cd2112-i and 113 more 2025-04-20 N/A
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.
CVE-2017-14009 1 Prominent 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware 2025-04-20 N/A
An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.
CVE-2017-9476 2 Cisco, Commscope 4 Dpc3939, Dpc3939 Firmware, Arris Tg1682g and 1 more 2025-04-20 6.5 Medium
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network.
CVE-2017-9478 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname.
CVE-2017-9484 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations.
CVE-2017-9486 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors.
CVE-2017-1292 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2025-04-20 N/A
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
CVE-2017-7947 1 Netapp 1 Clustered Data Ontap 2025-04-20 N/A
NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
CVE-2017-9487 1 Cisco 4 Dpc3939, Dpc3939 Firmware, Dpc3941t and 1 more 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover a WAN IPv6 IP address by leveraging knowledge of the CM MAC address.
CVE-2017-7983 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVE-2017-7995 3 Novell, Suse, Xen 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more 2025-04-20 N/A
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
CVE-2017-8037 1 Cloudfoundry 2 Capi-release, Cf-release 2025-04-20 N/A
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
CVE-2017-9491 2 Cisco, Commscope 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more 2025-04-20 5.3 Medium
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
CVE-2017-8057 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVE-2017-8498 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2025-04-20 N/A
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504.