Total
8110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1999033 | 1 Anchore | 1 Container Image Scanner | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration. | |||||
| CVE-2018-1999031 | 1 Jenkins | 1 Meliora Testlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. | |||||
| CVE-2018-1999030 | 1 Jenkins | 1 Maven Artifact Choicelistprovider \(nexus\) | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | |||||
| CVE-2018-1999028 | 1 Jenkins | 1 Accurev | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | |||||
| CVE-2018-1999009 | 1 Octobercms | 1 October | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path is accessible. This vulnerability appears to have been fixed in Build 437. | |||||
| CVE-2018-1999006 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade. | |||||
| CVE-2018-18977 | 1 Ascensia | 1 Contour Diabetes | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation. | |||||
| CVE-2018-18975 | 1 Ascensia | 1 Contour Diabetes | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information. | |||||
| CVE-2018-18941 | 1 Vignette | 1 Content Management | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued. | |||||
| CVE-2018-18865 | 3 Apple, Microsoft, Royalapplications | 4 Macos, Windows, Royal Ts and 1 more | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | |||||
| CVE-2018-18839 | 1 My-netdata | 1 Netdata | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional. | |||||
| CVE-2018-18778 | 1 Acme | 1 Mini-httpd | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ACME mini_httpd before 1.30 lets remote users read arbitrary files. | |||||
| CVE-2018-18762 | 1 Saltos | 1 Saltos | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| SaltOS 3.1 r8126 contains a database download vulnerability. | |||||
| CVE-2018-18710 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. | |||||
| CVE-2018-18658 | 1 Arcserve | 1 Udp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. | |||||
| CVE-2018-18657 | 1 Arcserve | 1 Udp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue. | |||||
| CVE-2018-18655 | 1 Prayer Project | 1 Prayer | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. | |||||
| CVE-2018-18648 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. | |||||
| CVE-2018-18645 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. | |||||
| CVE-2018-18644 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. | |||||