Total
8278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0843 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0820. | |||||
| CVE-2018-5115 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. | |||||
| CVE-2017-5795 | 1 Hp | 1 Intelligent Management Center | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
| A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. | |||||
| CVE-2017-16055 | 1 Sqlserver Project | 1 Sqlserver | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2018-6806 | 1 Marked 2 Project | 1 Marked 2 | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls. | |||||
| CVE-2018-10082 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. | |||||
| CVE-2018-12524 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. | |||||
| CVE-2017-13873 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app. | |||||
| CVE-2014-10062 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, LocationService is being exported, which is a way for a service to expose its methods to other services. This makes it possible for any other services to import LocationService and call into the exposed method for bringing up a data connection. | |||||
| CVE-2018-8160 | 1 Microsoft | 4 Office, Office Compatibility Pack, Sharepoint Server and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. | |||||
| CVE-2018-7776 | 1 Schneider-electric | 1 U.motion Builder | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data. | |||||
| CVE-2018-3598 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access. | |||||
| CVE-2018-10189 | 1 Mautic | 1 Mautic | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled. | |||||
| CVE-2017-3972 | 1 Mcafee | 1 Network Security Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. | |||||
| CVE-2018-1465 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396. | |||||
| CVE-2018-12522 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing. | |||||
| CVE-2017-16056 | 1 Mssql.js Project | 1 Mssql.js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16250 | 1 Mitel | 1 St14.2 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | |||||
| CVE-2015-1857 | 1 Linuxfoundation | 1 Opendaylight | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. | |||||
| CVE-2017-1509 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. | |||||