Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12435 | 1 Botan Project | 1 Botan | 2024-11-21 | 1.9 LOW | 5.9 MEDIUM |
|
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
|
|||||
| CVE-2018-12434 | 1 Openbsd | 1 Libressl | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
|
|||||
| CVE-2018-12433 | 1 Cryptlib | 1 Cryptlib | 2024-11-21 | 1.9 LOW | 4.9 MEDIUM |
|
cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model
|
|||||
| CVE-2018-12400 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63.
|
|||||
| CVE-2018-12374 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
|
|||||
| CVE-2018-12373 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
|
|||||
| CVE-2018-12372 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
|
|||||
| CVE-2018-12365 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
|
|||||
| CVE-2018-12358 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.
|
|||||
| CVE-2018-12337 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.
|
|||||
| CVE-2018-12336 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.
|
|||||
| CVE-2018-12329 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning.
|
|||||
| CVE-2018-12318 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
|
|||||
| CVE-2018-12308 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
|
|||||
| CVE-2018-12301 | 1 Seagate | 1 Nas Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
|
|||||
| CVE-2018-12227 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to th ...
Show More |
|||||
| CVE-2018-12224 | 2 Intel, Microsoft | 2 Graphics Driver, Windows | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2018-12161 | 1 Intel | 1 Raid Web Console | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access.
|
|||||
| CVE-2018-12158 | 1 Intel | 1 Next Unit Of Computing Firmware | 2024-11-21 | 5.6 MEDIUM | 6.0 MEDIUM |
|
Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.
|
|||||
| CVE-2018-12155 | 1 Intel | 1 Integrated Performance Primitives | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2018-12130 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
|
|||||
| CVE-2018-12127 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
|
|||||
| CVE-2018-12126 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
|
|||||
| CVE-2018-12098 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub
|
|||||
| CVE-2018-12097 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub
|
|||||
| CVE-2018-12089 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
|
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0.
|
|||||
| CVE-2018-12076 | 1 Avantimarkets | 1 Market Card | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
|
A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could exploit this vulnerability by generating a copy of a customer's bar code. An exploit could allow the attacker to access all funds located within the Ma ...
Show More |
|||||
| CVE-2018-12027 | 1 Phusion | 1 Passenger | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-appl ...
Show More |
|||||
| CVE-2018-12021 | 1 Sylabs | 1 Singularity | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
|
|||||
| CVE-2018-12006 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.
|
|||||
| CVE-2018-12004 | 1 Qualcomm | 50 Mdm9206, Mdm9206 Firmware, Mdm9607 and 47 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130
|
|||||
| CVE-2018-11976 | 1 Qualcomm | 92 Ipq8074, Ipq8074 Firmware, Mdm9150 and 89 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205 ...
Show More |
|||||
| CVE-2018-11971 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Interrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130
|
|||||
| CVE-2018-11942 | 1 Qualcomm | 66 Ipq4019, Ipq4019 Firmware, Ipq8064 and 63 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670 ...
Show More |
|||||
| CVE-2018-11846 | 1 Qualcomm | 10 Sd 205, Sd 205 Firmware, Sd 210 and 7 more | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
|
The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850
|
|||||
| CVE-2018-11845 | 1 Qualcomm | 80 Mdm9150, Mdm9150 Firmware, Mdm9206 and 77 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, S ...
Show More |
|||||
| CVE-2018-11783 | 1 Apache | 1 Traffic Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.
|
|||||
| CVE-2018-11741 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.
|
|||||
| CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
|
|||||
| CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
|
|||||