Total
8110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16539 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | |||||
| CVE-2018-16527 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | |||||
| CVE-2018-16524 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | |||||
| CVE-2018-16323 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | |||||
| CVE-2018-16307 | 1 Mi | 2 Xiaomi Miwifi Xiaomi 55dd, Xiaomi Miwifi Xiaomi 55dd Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response. | |||||
| CVE-2018-16288 | 1 Lg | 1 Supersign Cms | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | |||||
| CVE-2018-16269 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2018-16264 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2018-16224 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. | |||||
| CVE-2018-16192 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. | |||||
| CVE-2018-16078 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-16051 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure. | |||||
| CVE-2018-15979 | 2 Adobe, Microsoft | 3 Acrobat Dc, Acrobat Reader Dc, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-15967 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-15919 | 2 Netapp, Openbsd | 7 Cloud Backup, Cn1610, Cn1610 Firmware and 4 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | |||||
| CVE-2018-15800 | 1 Cloud Foundry | 1 Bits Service | 2024-11-21 | 3.5 LOW | 8.1 HIGH |
| Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage. | |||||
| CVE-2018-15773 | 1 Dell | 1 Data Protection \| Encryption | 2024-11-21 | 4.9 MEDIUM | 4.3 MEDIUM |
| Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files. | |||||
| CVE-2018-15771 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. | |||||
| CVE-2018-15765 | 1 Dell | 1 Emc Secure Remote Services | 2024-11-21 | 2.1 LOW | 3.4 LOW |
| Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks. | |||||
| CVE-2018-15718 | 1 Opendental | 1 Opendental | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more. | |||||