Total
7426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9946 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setTimeOut method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5471. | |||||
| CVE-2018-9922 | 1 Icmsdev | 1 Icms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. | |||||
| CVE-2018-9852 | 1 Gxlcms | 1 Gxlcms Qy | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23. | |||||
| CVE-2018-9842 | 1 Cyberark | 1 Password Vault | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | |||||
| CVE-2018-9581 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111698366 | |||||
| CVE-2018-9554 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654. | |||||
| CVE-2018-9543 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088. | |||||
| CVE-2018-9526 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 | |||||
| CVE-2018-9489 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. | |||||
| CVE-2018-9325 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. | |||||
| CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | |||||
| CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | |||||
| CVE-2018-9126 | 1 Zldnn | 1 Dnnarticle | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. | |||||
| CVE-2018-9071 | 1 Lenovo | 2 Chassis Management Module, Chassis Management Module Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. | |||||
| CVE-2018-9056 | 2 Arm, Intel | 209 Cortex-a, Atom C, Atom E and 206 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. | |||||
| CVE-2018-9014 | 1 Dsmall Project | 1 Dsmall | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | |||||
| CVE-2018-8919 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | 5.0 MEDIUM | 8.3 HIGH |
| Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | |||||
| CVE-2018-8890 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. | |||||
| CVE-2018-8880 | 1 Lutron | 2 Quantum Bacnet Integration, Quantum Bacnet Integration Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. | |||||
| CVE-2018-8878 | 2 Asus, Asuswrt-merlin | 2 Asus Firmware, Asuswrt-merlin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | |||||