Total: 9615 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8324 | 1 Microsoft | 2 Edge, Windows 10 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325.
|
|||||
| CVE-2018-8315 | 1 Microsoft | 10 Chakracore, Edge, Internet Explorer and 7 more | 2024-11-21 | 4.0 MEDIUM | 4.2 MEDIUM |
|
An information disclosure vulnerability exists when the browser scripting engine improperly handles object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
|
|||||
| CVE-2018-8305 | 1 Microsoft | 4 Windows 8.1, Windows Calendar, Windows Mail and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.
|
|||||
| CVE-2018-8297 | 1 Microsoft | 2 Edge, Windows 10 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325.
|
|||||
| CVE-2018-8292 | 1 Microsoft | 2 Asp.net Core, Powershell Core | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
|
|||||
| CVE-2018-8289 | 1 Microsoft | 2 Edge, Windows 10 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2018-8325.
|
|||||
| CVE-2018-8271 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8246 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
|
|||||
| CVE-2018-8239 | 1 Microsoft | 3 Windows 10, Windows Server 1803, Windows Server 2016 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8234 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871.
|
|||||
| CVE-2018-8209 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 2.7 LOW | 8.0 HIGH |
|
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8207 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121.
|
|||||
| CVE-2018-8163 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.
|
|||||
| CVE-2018-8160 | 1 Microsoft | 4 Office, Office Compatibility Pack, Sharepoint Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
|
|||||
| CVE-2018-8145 | 1 Microsoft | 10 Chakracore, Edge, Internet Explorer and 7 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
|
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
|
|||||
| CVE-2018-8141 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127.
|
|||||
| CVE-2018-8127 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141.
|
|||||
| CVE-2018-8123 | 1 Microsoft | 1 Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.
|
|||||
| CVE-2018-8056 | 1 Cobub | 1 Razor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
|
|||||
| CVE-2018-8033 | 1 Apache | 1 Ofbiz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.
|
|||||
| CVE-2018-8024 | 2 Apache, Mozilla | 2 Spark, Firefox | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.
|
|||||
| CVE-2018-8023 | 1 Apache | 1 Mesos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation fun ...
|
|||||
| CVE-2018-7977 | 1 Huawei | 1 Fusionsphere Openstack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.
|
|||||
| CVE-2018-7961 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user into accessing a malicious website or malicious app and registering. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause a sensitive information leak.
|
|||||
| CVE-2018-7946 | 1 Huawei | 4 Honor 7a, Honor 7a Firmware, Honor 9 Lite and 1 more | 2024-11-21 | 1.9 LOW | 4.3 MEDIUM |
|
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak.
|
|||||
| CVE-2018-7938 | 1 Huawei | 2 P10, P10 Firmware | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak.
|
|||||
| CVE-2018-7930 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
|
The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.
|
|||||
| CVE-2018-7921 | 1 Huawei | 2 B315s-22, B315s-22 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.
|
|||||
| CVE-2018-7907 | 1 Huawei | 38 Agassi-l09, Agassi-l09 Firmware, Agassi-w09 and 35 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00 ...
|
|||||
| CVE-2018-7900 | 1 Huawei | 12 Hg8010h, Hg8010h Firmware, Hg8040h and 9 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability.
|
|||||
| CVE-2018-7848 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus.
|
|||||
| CVE-2018-7844 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
|
|||||
| CVE-2018-7812 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
|
|||||
| CVE-2018-7776 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.
|
|||||
| CVE-2018-7755 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
|
|||||
| CVE-2018-7737 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability.
|
|||||
| CVE-2018-7704 | 1 Securenvoy | 1 Securmail | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.
|
|||||
| CVE-2018-7686 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
|
|||||
| CVE-2018-7676 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 4.3 MEDIUM | 3.9 LOW |
|
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
|
|||||
| CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2024-11-21 | 3.5 LOW | 2.8 LOW |
|
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to time out so that it requires the user to re-authenticate. If another user is passing by and decides to log in, their credentials are accepted. While the user does not inherit any of the other user's privileges, they are able to view the previous screen. In this case ...
|
|||||