Total
8278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13281 | 1 Synology | 3 Diskstation Manager, Skynas, Vs960hd | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | |||||
| CVE-2018-18590 | 1 Microfocus | 1 Operations Bridge | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
| A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. | |||||
| CVE-2018-1999040 | 1 Jenkins | 1 Kubernetes | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | |||||
| CVE-2018-16849 | 1 Redhat | 1 Openstack-mistral | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem. | |||||
| CVE-2018-6052 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | |||||
| CVE-2017-18324 | 1 Qualcomm | 64 Mdm9206, Mdm9206 Firmware, Mdm9607 and 61 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016. | |||||
| CVE-2018-16705 | 1 Furuno | 4 Felcom 250, Felcom 250 Firmware, Felcom 500 and 1 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. | |||||
| CVE-2018-14902 | 1 Epson | 1 Iprint | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents. | |||||
| CVE-2018-12610 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Information Exposure. | |||||
| CVE-2018-19046 | 1 Keepalived | 1 Keepalived | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
| keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. | |||||
| CVE-2018-8315 | 1 Microsoft | 10 Chakracore, Edge, Internet Explorer and 7 more | 2024-02-04 | 4.0 MEDIUM | 4.2 MEDIUM |
| An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | |||||
| CVE-2018-15655 | 1 42gears | 1 Suremdm | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. | |||||
| CVE-2018-17216 | 1 Ptc | 1 Thingworx Platform | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users. | |||||
| CVE-2017-18355 | 1 Google | 1 Rendertron | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files. | |||||
| CVE-2018-4179 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. | |||||
| CVE-2018-1505 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | |||||
| CVE-2019-3610 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. | |||||
| CVE-2016-4644 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. | |||||
| CVE-2018-7946 | 1 Huawei | 4 Honor 7a, Honor 7a Firmware, Honor 9 Lite and 1 more | 2024-02-04 | 1.9 LOW | 4.3 MEDIUM |
| There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. | |||||
| CVE-2018-8292 | 1 Microsoft | 2 Asp.net Core, Powershell Core | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. | |||||