Total
9541 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9526 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 | ||||
| CVE-2018-9489 | 1 Google | 1 Android | 2024-11-21 | N/A |
| When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. | ||||
| CVE-2018-9325 | 1 Etherpad | 1 Etherpad | 2024-11-21 | N/A |
| Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. | ||||
| CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2024-11-21 | N/A |
| In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | ||||
| CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | ||||
| CVE-2018-9126 | 1 Zldnn | 1 Dnnarticle | 2024-11-21 | N/A |
| The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. | ||||
| CVE-2018-9071 | 1 Lenovo | 2 Chassis Management Module, Chassis Management Module Firmware | 2024-11-21 | N/A |
| Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. | ||||
| CVE-2018-9056 | 2 Arm, Intel | 209 Cortex-a, Atom C, Atom E and 206 more | 2024-11-21 | N/A |
| Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. | ||||
| CVE-2018-9014 | 1 Dsmall Project | 1 Dsmall | 2024-11-21 | N/A |
| dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | ||||
| CVE-2018-8890 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. | ||||
| CVE-2018-8880 | 1 Lutron | 2 Quantum Bacnet Integration, Quantum Bacnet Integration Firmware | 2024-11-21 | N/A |
| Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. | ||||
| CVE-2018-8878 | 2 Asus, Asuswrt-merlin | 2 Asus Firmware, Asuswrt-merlin | 2024-11-21 | 5.3 Medium |
| Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | ||||
| CVE-2018-8877 | 2 Asus, Asuswrt-merlin | 2 Asus Firmware, Asuswrt-merlin | 2024-11-21 | 5.3 Medium |
| Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. | ||||
| CVE-2018-8863 | 1 Philips | 1 Encoreanywhere | 2024-11-21 | 5.9 Medium |
| The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information. | ||||
| CVE-2018-8860 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | N/A |
| In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. | ||||
| CVE-2018-8798 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-11-21 | N/A |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | ||||
| CVE-2018-8791 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-11-21 | N/A |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | ||||
| CVE-2018-8770 | 1 Cobub | 1 Razor | 2024-11-21 | 5.3 Medium |
| Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/. | ||||
| CVE-2018-8714 | 1 Honeywell | 1 Matrikonopc Explorer | 2024-11-21 | N/A |
| Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. | ||||
| CVE-2018-8580 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint. | ||||