Total: 8278 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17917 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps. | |||||
CVE-2018-15962 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2018-1841 | 1 Ibm | 1 Cloud Private | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901. | |||||
CVE-2018-19440 | 1 Arm | 1 Trusted Firmware-a | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
ARM Trusted Firmware-A allows information disclosure. | |||||
CVE-2018-8348 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341. | |||||
CVE-2018-16948 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory. | |||||
CVE-2018-15433 | 1 Cisco | 1 Prime Infrastructure | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. | |||||
CVE-2018-17091 | 1 I4a | 1 Donlinkage | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt. | |||||
CVE-2017-0361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. | |||||
CVE-2018-10245 | 1 Awstats | 1 Awstats | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters. | |||||
CVE-2017-13303 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501. | |||||
CVE-2018-1000603 | 1 Jenkins | 1 Openstack Cloud | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | |||||
CVE-2018-6188 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. | |||||
CVE-2018-6846 | 1 Zblogcn | 1 Z-blogphp | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. | |||||
CVE-2017-1474 | 1 Ibm | 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606. | |||||
CVE-2018-1000601 | 1 Jenkins | 1 Ssh Credentials | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. | |||||
CVE-2017-5785 | 1 Hp | 1 Matrix Operating Environment | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
CVE-2017-6284 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure. This issue is rated as moderate. | |||||
CVE-2018-4252 | 1 Apple | 1 Iphone Os | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri. | |||||
CVE-2018-9852 | 1 Gxlcms | 1 Gxlcms Qy | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23. |