Total: 9615 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-19976 | 1 Virustotal | 1 Yara | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine. |
| CVE-2018-19968 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. |
| CVE-2018-19962 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH | An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. |
| CVE-2018-19947 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. |
| CVE-2018-19854 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM | An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). |
| CVE-2018-19718 | 1 Adobe | 1 Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session. |
| CVE-2018-19643 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 4.7 MEDIUM | Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. |
| CVE-2018-19609 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. |
| CVE-2018-19487 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. |
| CVE-2018-19456 | 2 Opensuse, Wplaunchpad | 2 Leap, Wpbackupplus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. |
| CVE-2018-19413 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. |
| CVE-2018-19246 | 1 Php-proxy | 1 Php-proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion. |
| CVE-2018-19226 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI. |
| CVE-2018-19205 | 1 Roundcube | 1 Webmail | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. |
| CVE-2018-19194 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message. |
| CVE-2018-19148 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW | Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover th ... |
| CVE-2018-19133 | 1 Flarum | 1 Flarum | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. |
| CVE-2018-19120 | 1 Kde | 1 Kde Applications | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. |
| CVE-2018-19075 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. |
| CVE-2018-19046 | 1 Keepalived | 1 Keepalived | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM | keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. |
| CVE-2018-19045 | 1 Keepalived | 1 Keepalived | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. |
| CVE-2018-19039 | 3 Grafana, Netapp, Redhat | 7 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 4 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. |
| CVE-2018-1999046 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers with Overall/Read permission to access the connection log for any agent. |
| CVE-2018-1999041 | 1 Jenkins | 1 Tinfoil Security | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. |
| CVE-2018-1999040 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH | An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| CVE-2018-1999033 | 1 Anchore | 1 Container Image Scanner | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration. |
| CVE-2018-1999031 | 1 Jenkins | 1 Meliora Testlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. |
| CVE-2018-1999030 | 1 Jenkins | 1 Maven Artifact Choicelistprovider (Nexus) | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| CVE-2018-1999028 | 1 Jenkins | 1 Accurev | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH | An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| CVE-2018-1999009 | 1 Octobercms | 1 October | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | October CMS versions prior to Build 437 contain a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in sensitive information disclosure and remote code execution. This attack appears to be exploitable remotely if the /backend path is accessible. This vulnerability appears to have been fixed in Build 437. |
| CVE-2018-1999006 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade. |
| CVE-2018-18977 | 1 Ascensia | 1 Contour Diabetes | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation. |
| CVE-2018-18975 | 1 Ascensia | 1 Contour Diabetes | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information. |
| CVE-2018-18941 | 1 Vignette | 1 Content Management | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued. |
| CVE-2018-18865 | 3 Apple, Microsoft, Royalapplications | 4 Macos, Windows, Royal Ts and 1 more | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH | The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. |
| CVE-2018-18839 | 1 My-netdata | 1 Netdata | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional." |
| CVE-2018-18778 | 1 Acme | 1 Mini-httpd | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | ACME mini_httpd before 1.30 lets remote users read arbitrary files. |
| CVE-2018-18762 | 1 Saltos | 1 Saltos | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | SaltOS 3.1 r8126 contains a database download vulnerability. |
| CVE-2018-18710 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. |
| CVE-2018-18658 | 1 Arcserve | 1 Udp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. |