Total
8395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15658 | 1 42gears | 1 Suremdm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data. | |||||
| CVE-2018-15656 | 1 42gears | 1 Suremdm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiKey" value in the "ApiKey" header. | |||||
| CVE-2018-15655 | 1 42gears | 1 Suremdm | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. | |||||
| CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2024-11-21 | 2.1 LOW | 7.2 HIGH |
| A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | |||||
| CVE-2018-15599 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. | |||||
| CVE-2018-15594 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. | |||||
| CVE-2018-15534 | 1 Geutebrueck | 2 Re Porter 16, Re Porter 16 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003. | |||||
| CVE-2018-15532 | 1 Hp | 1 Synaptics Touchpad Driver | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. | |||||
| CVE-2018-15446 | 1 Cisco | 1 Meeting Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits. | |||||
| CVE-2018-15433 | 1 Cisco | 1 Prime Infrastructure | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. | |||||
| CVE-2018-15432 | 1 Cisco | 1 Prime Infrastructure | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. | |||||
| CVE-2018-15364 | 1 Trendmicro | 1 Officescan Xg | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | |||||
| CVE-2018-15357 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. | |||||
| CVE-2018-15328 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. | |||||
| CVE-2018-15310 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. | |||||
| CVE-2018-15132 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. | |||||
| CVE-2018-15131 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests. | |||||
| CVE-2018-15125 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. | |||||
| CVE-2018-14986 | 1 Leagoo | 2 Z5c, Z5c Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) containing an exported content provider named com.android.messaging.datamodel.MessagingContentProvider. Any app co-located on the device can read the most recent text message from each conversation. That is, for each phone number where the user has either sent or received a text message from, a zero-permission third-party app can obtain the body of the text message, phone number, name of the contact (if it exists), and a timestamp for the most recent text message of each conversation. As the querying of the vulnerable content provider app component can be performed silently in the background, a malicious app can continuously monitor the content provider to see if the current message in each conversation has changed to obtain new text messages. | |||||
| CVE-2018-14984 | 1 Leagoo | 2 Z5c, Z5c Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) with an exported broadcast receiver app component named com.android.messaging.trackersender.TrackerSender. Any app co-located on the device, even one with no permissions, can send a broadcast intent with certain embedded data to the exported broadcast receiver application component that will result in the programmatic sending of a text message where the phone number and body of the text message is controlled by the attacker. | |||||