Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7668 | 1 Testlink | 1 Testlink | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
|
|||||
| CVE-2018-7662 | 1 Couchcms | 1 Couch | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.
|
|||||
| CVE-2018-7661 | 1 Babyphonemobile | 1 Wifi Baby Monitor | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257.
|
|||||
| CVE-2018-7556 | 2 Debian, Limesurvey | 2 Debian Linux, Limesurvey | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
|
|||||
| CVE-2018-7506 | 1 Moxa | 1 Mxview | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.
|
|||||
| CVE-2018-7496 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure.
|
|||||
| CVE-2018-7360 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.
|
|||||
| CVE-2018-7317 | 1 Christianwebministries | 1 Proclaim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.
|
|||||
| CVE-2018-7276 | 1 Lutron | 2 Quantum Bacnet Integration, Quantum Bacnet Integration Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.
|
|||||
| CVE-2018-7273 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
|
|||||
| CVE-2018-7272 | 1 Forgerock | 1 Access Management | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
|
|||||
| CVE-2018-7268 | 3 Apple, Linux, Magnicomp | 3 Mac Os X, Linux Kernel, Sysinfo | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on syste ...
Show More |
|||||
| CVE-2018-7251 | 1 Anchorcms | 1 Anchor | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
|
|||||
| CVE-2018-7250 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.
|
|||||
| CVE-2018-7244 | 1 Schneider-electric | 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained.
|
|||||
| CVE-2018-7210 | 1 Idashboards | 1 Idashboards | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts.
|
|||||
| CVE-2018-7209 | 1 Idashboards | 1 Idashboards | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports.
|
|||||
| CVE-2018-7122 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2018-7083 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4. ...
Show More |
|||||
| CVE-2018-7071 | 1 Hp | 1 Network Function Virtualization Director | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3.
|
|||||
| CVE-2018-7070 | 1 Hp | 1 Centralview Fraud Risk Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.
|
|||||
| CVE-2018-7056 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.
|
|||||
| CVE-2018-6921 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
|
|||||
| CVE-2018-6920 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
|
|||||
| CVE-2018-6919 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.
|
|||||
| CVE-2018-6881 | 2 Dedecms, Phome | 2 Dedecms, Empirecms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
|
|||||
| CVE-2018-6849 | 1 Duckduckgo | 1 Duckduckgo | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
|
|||||
| CVE-2018-6846 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php.
|
|||||
| CVE-2018-6808 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
|
|||||
| CVE-2018-6806 | 1 Marked 2 Project | 1 Marked 2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls.
|
|||||
| CVE-2018-6790 | 1 Kde | 1 Plasma-workspace | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
|
|||||
| CVE-2018-6672 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
|
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
|
|||||
| CVE-2018-6610 | 1 Jlike Project | 1 Jlike | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.
|
|||||
| CVE-2018-6608 | 1 Opera | 1 Opera Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
|
|||||
| CVE-2018-6596 | 2 Debian, Django-anymail Project | 2 Debian Linux, Django-anymail | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
|
|||||
| CVE-2018-6591 | 1 Conversejs | 1 Converse.js | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.
|
|||||
| CVE-2018-6559 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
|
|||||
| CVE-2018-6526 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
|
|||||
| CVE-2018-6487 | 1 Microfocus | 1 Universal Cmdb Foundation Software | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.
|
|||||
| CVE-2018-6470 | 2 Apple, Nibbleblog | 2 Macos, Nibbleblog | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.
|
|||||