Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
|
|||||
| CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub
|
|||||
| CVE-2018-11654 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.
|
|||||
| CVE-2018-11653 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.
|
|||||
| CVE-2018-11645 | 1 Artifex | 1 Ghostscript | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
|
|||||
| CVE-2018-11621 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunct ...
Show More |
|||||
| CVE-2018-11620 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunct ...
Show More |
|||||
| CVE-2018-11565 | 1 Mahara | 1 Mahara | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.
|
|||||
| CVE-2018-11554 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
|
|||||
| CVE-2018-11517 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
|
|||||
| CVE-2018-11508 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
|
|||||
| CVE-2018-11505 | 1 Werewolf Online Project | 1 Werewolf Online | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
|
|||||
| CVE-2018-11469 | 2 Canonical, Haproxy | 2 Ubuntu Linux, Haproxy | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
|
|||||
| CVE-2018-11437 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.
|
|||||
| CVE-2018-11435 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.
|
|||||
| CVE-2018-11409 | 1 Splunk | 1 Splunk | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
|
|||||
| CVE-2018-11327 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
|
|||||
| CVE-2018-11275 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.
|
|||||
| CVE-2018-11215 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
|
|||||
| CVE-2018-11195 | 1 Mahara | 1 Mahara | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
|
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
|
|||||
| CVE-2018-11037 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
|
|||||
| CVE-2018-11036 | 1 Ruckuswireless | 8 Scg-200, Scg-200 Firmware, Sz-100 and 5 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.
|
|||||
| CVE-2018-10950 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
|
|||||
| CVE-2018-10946 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2024-11-21 | 2.7 LOW | 6.8 MEDIUM |
|
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.
|
|||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
|
|||||
| CVE-2018-10919 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
|
|||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 9 Ubuntu Linux, Debian Linux, Postgresql and 6 more | 2024-11-21 | 6.0 MEDIUM | 8.5 HIGH |
|
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versio ...
Show More |
|||||
| CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
|
|||||
| CVE-2018-10911 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
|
|||||
| CVE-2018-10890 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories.
|
|||||
| CVE-2018-10859 | 2 Debian, Git-annex Project | 2 Debian Linux, Git-annex | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex
|
|||||
| CVE-2018-10857 | 2 Debian, Git-annex Project | 2 Debian Linux, Git-annex | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
|
|||||
| CVE-2018-10852 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Sssd, Enterprise Linux Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 3.8 LOW |
|
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
|
|||||
| CVE-2018-10815 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.
|
|||||
| CVE-2018-10770 | 1 Annigroup | 2 5 In 1 Xvr, 5 In 1 Xvr Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.
|
|||||
| CVE-2018-10734 | 1 Kongtop | 10 A303, A303 Firmware, A403 and 7 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
|
|||||
| CVE-2018-10732 | 1 Dataiku | 1 Data Science Studio | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.
|
|||||
| CVE-2018-10729 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.
|
|||||
| CVE-2018-10663 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.
|
|||||
| CVE-2018-10652 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
|
|||||