Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18657 | 1 Arcserve | 1 Udp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
|
|||||
| CVE-2018-18655 | 1 Prayer Project | 1 Prayer | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.
|
|||||
| CVE-2018-18648 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.
|
|||||
| CVE-2018-18645 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.
|
|||||
| CVE-2018-18644 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.
|
|||||
| CVE-2018-18640 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.
|
|||||
| CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
|
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to allow unauthorized disclosure of data.
|
|||||
| CVE-2018-18590 | 1 Microfocus | 1 Operations Bridge | 2024-11-21 | 5.8 MEDIUM | 9.6 CRITICAL |
|
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.
|
|||||
| CVE-2018-18566 | 1 Polycom | 5 Unified Communications Software, Vvx 500, Vvx 500 Firmware and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
|
|||||
| CVE-2018-18511 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.* This vulnerability affects Firefox < 65.0.1.
|
|||||
| CVE-2018-18487 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.
|
|||||
| CVE-2018-18467 | 1 Conversations | 1 Conversations | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent.
|
|||||
| CVE-2018-18441 | 2 D-link, Dlink | 36 Dcs-2102 Firmware, Dcs-2121 Firmware, Dcs-2630l Firmware and 33 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration ...
|
|||||
| CVE-2018-18428 | 1 Tp-link | 2 Tl-sc3130, Tl-sc3130 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
|
|||||
| CVE-2018-18390 | 1 Moxa | 1 Thingspro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
|
|||||
| CVE-2018-18376 | 1 Orange | 2 Airbox, Airbox Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
|
|||||
| CVE-2018-18334 | 1 Trendmicro | 1 Dr. Safety | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow a remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations.
|
|||||
| CVE-2018-18289 | 1 Mesilat | 1 Zabbix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.
|
|||||
| CVE-2018-18287 | 1 Asus | 2 Rt-ac58u, Rt-ac58u Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.
|
|||||
| CVE-2018-18205 | 1 Top-vision | 2 Cc8800ce, Cc8800ce Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.
|
|||||
| CVE-2018-18073 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
|
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
|
|||||
| CVE-2018-18056 | 1 Ti | 4 Tm4c123, Tm4c123 Firmware, Tm4c129 and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unk ...
|
|||||
| CVE-2018-17976 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.
|
|||||
| CVE-2018-17975 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.
|
|||||
| CVE-2018-17956 | 1 Opensuse | 1 Yast2-samba-provision | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
In yast2-samba-provision up to and including version 1.0.1, the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read it in the process list.
|
|||||
| CVE-2018-17944 | 1 Lexmark | 16 Cx725h, Cx725h Firmware, Cx820 and 13 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
|
|||||
| CVE-2018-17939 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
|
|||||
| CVE-2018-17917 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.
|
|||||
| CVE-2018-17907 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array.
|
|||||
| CVE-2018-17891 | 2 Carestream, Microsoft | 2 Carestream Vue Ris, Windows 8.1 | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
|
|||||
| CVE-2018-17781 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.
|
|||||
| CVE-2018-17780 | 1 Telegram | 2 Telegram Desktop, Telegram Messenger | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.
|
|||||
| CVE-2018-17555 | 1 Commscope | 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
|
|||||
| CVE-2018-17502 | 1 Thereceptionist | 1 The Receptionist For Ipad | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.
|
|||||
| CVE-2018-17484 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | 3.6 LOW | 4.0 MEDIUM |
|
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database.
|
|||||
| CVE-2018-17483 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | 2.1 LOW | 2.9 LOW |
|
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information.
|
|||||
| CVE-2018-17482 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information.
|
|||||
| CVE-2018-17468 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
|
|||||
| CVE-2018-17404 | 1 Sbi | 1 Sbi Buddy | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth.
|
|||||
| CVE-2018-17402 | 1 Phonepe | 1 Phonepe | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installi ...
|
|||||