Total: 8110 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-19718 | 1 Adobe | 1 Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session. |
CVE-2018-19643 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 4.7 MEDIUM | Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. |
CVE-2018-19609 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. |
CVE-2018-19487 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. |
CVE-2018-19456 | 2 Opensuse, Wplaunchpad | 2 Leap, Wpbackupplus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. |
CVE-2018-19413 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. |
CVE-2018-19246 | 1 Php-proxy | 1 Php-proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion. |
CVE-2018-19226 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI. |
CVE-2018-19205 | 1 Roundcube | 1 Webmail | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. |
CVE-2018-19194 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message. |
CVE-2018-19148 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW | Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort. |
CVE-2018-19133 | 1 Flarum | 1 Flarum | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | In Flarum Core 0.1.0-beta.7.1, a serious information leak exposes every user's email address. |
CVE-2018-19120 | 1 Kde | 1 Kde Applications | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. |
CVE-2018-19075 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. |
CVE-2018-19046 | 1 Keepalived | 1 Keepalived | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM | keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. |
CVE-2018-19045 | 1 Keepalived | 1 Keepalived | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. |
CVE-2018-19039 | 3 Grafana, Netapp, Redhat | 7 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 4 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. |
CVE-2018-1999046 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers with Overall/Read permission to access the connection log for any agent. |
CVE-2018-1999041 | 1 Jenkins | 1 Tinfoil Security | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. |
CVE-2018-1999040 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH | An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |