Total: 8274 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5525 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files that contain F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data. | |||||
CVE-2018-7662 | 1 Couchcms | 1 Couch | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. | |||||
CVE-2014-6108 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. | |||||
CVE-2017-16048 | 1 Node-sqlite Project | 1 Node-sqlite | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16058 | 1 Gruntcli Project | 1 Gruntcli | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2024-02-04 | 4.3 MEDIUM | 8.1 HIGH |
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature. | |||||
CVE-2018-12926 | 1 Pharoscontrols | 2 Pharos, Pharos Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | |||||
CVE-2018-9325 | 1 Etherpad | 1 Etherpad | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. | |||||
CVE-2018-11645 | 1 Artifex | 1 Ghostscript | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | |||||
CVE-2018-12329 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. | |||||
CVE-2015-2204 | 1 Evergreen-ils | 1 Evergreen | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. | |||||
CVE-2017-1000505 | 1 Jenkins | 1 Script Security | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval. | |||||
CVE-2018-10423 | 1 1234n | 1 Minicms | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. | |||||
CVE-2017-16059 | 1 Mssql-node Project | 1 Mssql-node | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-15112 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass a password through the command line, leaking it via command history and process info to other local users. | |||||
CVE-2017-16064 | 1 Node-openssl Project | 1 Node-openssl | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2015-9194 | 1 Qualcomm | 30 Sd 205, Sd 205 Firmware, Sd 210 and 27 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from the previous app, thus leading to information exposure. | |||||
CVE-2017-15814 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2018-5134 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59. | |||||
CVE-2018-12481 | 1 The Olive Tree Ftp Server Project | 1 The Olive Tree Ftp Server | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. |