Total
7187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25030 | 1 Mirmay | 2 File Manager, Secure Private Browser | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25022 | 1 Toktok | 1 Toxcore | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
| The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node. | |||||
| CVE-2018-25007 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 4.0 MEDIUM | 2.6 LOW |
| Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message. | |||||
| CVE-2018-21260 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. | |||||
| CVE-2018-21249 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. | |||||
| CVE-2018-21077 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). | |||||
| CVE-2018-21074 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018). | |||||
| CVE-2018-21073 | 2 Google, Samsung | 6 Android, Galaxy S8, Galaxy S8\+ and 3 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). | |||||
| CVE-2018-21046 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911 (November 2018). | |||||
| CVE-2018-21043 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). | |||||
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | |||||
| CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | |||||
| CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||||
| CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||||
| CVE-2018-20940 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | |||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | |||||
| CVE-2018-20938 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | |||||
| CVE-2018-20936 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | |||||
| CVE-2018-20932 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | |||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | |||||