Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7070 | 1 Hp | 1 Centralview Fraud Risk Management | 2024-11-21 | N/A |
| HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | ||||
| CVE-2018-7056 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2024-11-21 | N/A |
| RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action. | ||||
| CVE-2018-6921 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | ||||
| CVE-2018-6920 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | ||||
| CVE-2018-6919 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data. | ||||
| CVE-2018-6881 | 2 Dedecms, Phome | 2 Dedecms, Empirecms | 2024-11-21 | 5.3 Medium |
| EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. | ||||
| CVE-2018-6871 | 4 Canonical, Debian, Libreoffice and 1 more | 10 Ubuntu Linux, Debian Linux, Libreoffice and 7 more | 2024-11-21 | N/A |
| LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | ||||
| CVE-2018-6849 | 1 Duckduckgo | 1 Duckduckgo | 2024-11-21 | N/A |
| In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. | ||||
| CVE-2018-6846 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. | ||||
| CVE-2018-6829 | 1 Gnupg | 1 Libgcrypt | 2024-11-21 | N/A |
| cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. | ||||
| CVE-2018-6808 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-11-21 | N/A |
| NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. | ||||
| CVE-2018-6806 | 1 Marked 2 Project | 1 Marked 2 | 2024-11-21 | 6.5 Medium |
| Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls. | ||||
| CVE-2018-6790 | 2 Kde, Redhat | 2 Plasma-workspace, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element. | ||||
| CVE-2018-6672 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | N/A |
| Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | ||||
| CVE-2018-6610 | 1 Jlike Project | 1 Jlike | 2024-11-21 | N/A |
| Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request. | ||||
| CVE-2018-6608 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
| In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. | ||||
| CVE-2018-6596 | 2 Debian, Django-anymail Project | 2 Debian Linux, Django-anymail | 2024-11-21 | N/A |
| webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. | ||||
| CVE-2018-6591 | 1 Conversejs | 1 Converse.js | 2024-11-21 | N/A |
| Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen. | ||||
| CVE-2018-6559 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A |
| The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. | ||||
| CVE-2018-6526 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | ||||