Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4067 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2018-4052 | 1 Gog | 1 Galaxy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user.
|
|||||
| CVE-2018-3988 | 1 Signal | 1 Private Messenger | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
|
|||||
| CVE-2018-3987 | 1 Rakuten | 1 Viber | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android ...
|
|||||
| CVE-2018-3986 | 1 Telegram | 1 Telegram | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications ...
|
|||||
| CVE-2018-3947 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.
|
|||||
| CVE-2018-3928 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.
|
|||||
| CVE-2018-3854 | 1 Intuit | 1 Quicken 2018 | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.
|
|||||
| CVE-2018-3831 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
|
|||||
| CVE-2018-3826 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.
|
|||||
| CVE-2018-3817 | 1 Elastic | 1 Logstash | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
|
|||||
| CVE-2018-3813 | 1 Flir | 6 Brickstream 2300 2d, Brickstream 2300 2d Firmware, Brickstream 2300 3d and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
|
|||||
| CVE-2018-3809 | 1 Zeit | 1 Serve | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
|
|||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 4 Debian Linux, Cloudforms, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.
|
|||||
| CVE-2018-3665 | 6 Canonical, Citrix, Debian and 3 more | 14 Ubuntu Linux, Xenserver, Debian Linux and 11 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
|
|||||
| CVE-2018-3652 | 1 Intel | 34 Atom C, Xeon, Xeon Bronze 3104 and 31 more | 2024-11-21 | 4.6 MEDIUM | 7.6 HIGH |
|
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
|
|||||
| CVE-2018-3626 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.
|
|||||
| CVE-2018-3621 | 1 Intel | 1 Driver&support Assistant | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
|
|||||
| CVE-2018-3619 | 1 Intel | 17 Core I3, Core I5, Core I7 and 14 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.
|
|||||
| CVE-2018-3598 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access.
|
|||||
| CVE-2018-2402 | 1 Sap | 1 Hana | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
|
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.
|
|||||
| CVE-2018-2026 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.
|
|||||
| CVE-2018-2022 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346.
|
|||||
| CVE-2018-2013 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.
|
|||||
| CVE-2018-2011 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.
|
|||||
| CVE-2018-2009 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
|
|||||
| CVE-2018-2008 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.
|
|||||
| CVE-2018-2005 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007.
|
|||||
| CVE-2018-25081 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | N/A | 7.5 HIGH |
|
Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.
|
|||||
| CVE-2018-25022 | 1 Toktok | 1 Toxcore | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
|
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the ...
|
|||||
| CVE-2018-21260 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.
|
|||||
| CVE-2018-21242 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.
|
|||||
| CVE-2018-21168 | 1 Netgear | 54 D7000, D7000 Firmware, D7800 and 51 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7000 before 1.0.1.52, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, ...
|
|||||
| CVE-2018-21143 | 1 Netgear | 2 Gs810emx, Gs810emx Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.
|
|||||
| CVE-2018-21139 | 1 Netgear | 98 D1500, D1500 Firmware, D500 and 95 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42, D8500 before 1.0.3.42, DC112A before 1.0.0.40, DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, JNR1010v2 before 1.1.0.54, JR6150 before 1.0.1.18, JWNR2010v5 before 1.1.0.54, PR2000 before 1.0. ...
|
|||||
| CVE-2018-21136 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
|
|||||
| CVE-2018-21129 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
|
|||||
| CVE-2018-21083 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018).
|
|||||
| CVE-2018-21077 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018).
|
|||||
| CVE-2018-21076 | 2 Google, Samsung | 3 Android, Exynos 8890, Exynos 8895 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).
|
|||||