Total: 8278 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10522 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | |||||
CVE-2018-11409 | 1 Splunk | 1 Splunk | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | |||||
CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2018-8127 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141. | |||||
CVE-2017-1000398 | 1 Jenkins | 1 Jenkins | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks. | |||||
CVE-2018-3809 | 1 Zeit | 1 Serve | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. | |||||
CVE-2018-6015 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | |||||
CVE-2018-1059 | 3 Canonical, Dpdk, Redhat | 9 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 6 more | 2024-02-04 | 2.9 LOW | 6.1 MEDIUM |
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. | |||||
CVE-2013-4209 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. | |||||
CVE-2018-1000143 | 1 Jenkins | 1 Github Pull Request Builder | 2024-02-04 | 2.1 LOW | 6.7 MEDIUM |
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | |||||
CVE-2017-5801 | 1 Hp | 1 Business Process Monitor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found. | |||||
CVE-2017-13877 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app. | |||||
CVE-2016-10437 | 1 Qualcomm | 56 Fsm9055, Fsm9055 Firmware, Mdm9206 and 53 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, while logging debug statements or ftrace events from rmnet_data, the socket buffer function uses normal format specifiers which may result in information exposure. | |||||
CVE-2018-1175 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the interactive attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5438. | |||||
CVE-2014-5450 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. | |||||
CVE-2018-1086 | 3 Clusterlabs, Debian, Redhat | 3 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux Server Eus | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege. | |||||
CVE-2017-16045 | 1 Jquery.js Project | 1 Jquery.js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-8944 | 1 Hp | 1 Cloud Optimizer | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found. | |||||
CVE-2017-15709 | 1 Apache | 1 Activemq | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | |||||
CVE-2018-9126 | 1 Zldnn | 1 Dnnarticle | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. |