Total
8274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6538 | 1 Thetrackr | 2 Trackr Bravo, Trackr Bravo Firmware | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
| The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | |||||
| CVE-2018-8297 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325. | |||||
| CVE-2018-4159 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-2493 | 2 Apple, Microsoft | 5 Icloud, Iphone Os, Safari and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site. | |||||
| CVE-2017-1625 | 1 Ibm | 1 Qradar Pulse | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 133123. | |||||
| CVE-2018-5137 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-10028 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. | |||||
| CVE-2018-8770 | 1 Cobub | 1 Razor | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/. | |||||
| CVE-2014-0872 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 1.5 LOW | 4.1 MEDIUM |
| The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. | |||||
| CVE-2017-1756 | 1 Ibm | 3 Business Process Manager, Business Process Manager Enterprise Service Bus, Websphere | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. | |||||
| CVE-2017-6926 | 1 Drupal | 1 Drupal | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments. | |||||
| CVE-2018-5140 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-5182 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60. | |||||
| CVE-2016-3954 | 1 Web2py | 1 Web2py | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. | |||||
| CVE-2018-0526 | 1 Cybozu | 1 Office | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | |||||
| CVE-2018-0871 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234. | |||||
| CVE-2018-4226 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information. | |||||
| CVE-2017-1725 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820. | |||||
| CVE-2018-11327 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | |||||
| CVE-2017-13232 | 1 Google | 1 Android | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950. | |||||