Total
9276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11846 | 1 Qualcomm | 10 Sd 205, Sd 205 Firmware, Sd 210 and 7 more | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850 | |||||
| CVE-2018-11845 | 1 Qualcomm | 80 Mdm9150, Mdm9150 Firmware, Mdm9206 and 77 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | |||||
| CVE-2018-11783 | 1 Apache | 1 Traffic Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. | |||||
| CVE-2018-11741 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | |||||
| CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
| CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
| CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
| CVE-2018-11654 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. | |||||
| CVE-2018-11653 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password. | |||||
| CVE-2018-11645 | 1 Artifex | 1 Ghostscript | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | |||||
| CVE-2018-11621 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896. | |||||
| CVE-2018-11620 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5756. | |||||
| CVE-2018-11565 | 1 Mahara | 1 Mahara | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. | |||||
| CVE-2018-11554 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | |||||
| CVE-2018-11517 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | |||||
| CVE-2018-11508 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | |||||
| CVE-2018-11505 | 1 Werewolf Online Project | 1 Werewolf Online | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | |||||
| CVE-2018-11469 | 2 Canonical, Haproxy | 2 Ubuntu Linux, Haproxy | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | |||||
| CVE-2018-11437 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | |||||