Total: 8110 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12337 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. | |||||
CVE-2018-12336 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. | |||||
CVE-2018-12329 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. | |||||
CVE-2018-12318 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext. | |||||
CVE-2018-12308 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. | |||||
CVE-2018-12301 | 1 Seagate | 1 Nas Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost. | |||||
CVE-2018-12227 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. | |||||
CVE-2018-12224 | 2 Intel, Microsoft | 2 Graphics Driver, Windows | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2018-12161 | 1 Intel | 1 Raid Web Console | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access. | |||||
CVE-2018-12158 | 1 Intel | 1 Next Unit Of Computing Firmware | 2024-11-21 | 5.6 MEDIUM | 6.0 MEDIUM |
Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access. | |||||
CVE-2018-12155 | 1 Intel | 1 Integrated Performance Primitives | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2018-12130 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
CVE-2018-12127 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
CVE-2018-12126 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
CVE-2018-12098 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
CVE-2018-12097 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
CVE-2018-12089 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0. | |||||
CVE-2018-12076 | 1 Avantimarkets | 1 Market Card | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could exploit this vulnerability by generating a copy of a customer's bar code. An exploit could allow the attacker to access all funds located within the MarketCard or allow unauthenticated disclosure of information. | |||||
CVE-2018-12027 | 1 Phusion | 1 Passenger | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket. | |||||
CVE-2018-12021 | 1 Sylabs | 1 Singularity | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features. |