Total
9523 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20608 | 1 Txjia | 1 Imcat | 2024-11-21 | N/A |
| imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | ||||
| CVE-2018-20607 | 1 Txjia | 1 Imcat | 2024-11-21 | N/A |
| imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | ||||
| CVE-2018-20606 | 1 Txjia | 1 Imcat | 2024-11-21 | N/A |
| imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | ||||
| CVE-2018-20602 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | N/A |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | ||||
| CVE-2018-20571 | 1 Damicms | 1 Damicms | 2024-11-21 | N/A |
| DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | ||||
| CVE-2018-20555 | 1 Designchemical | 1 Social Network Tabs | 2024-11-21 | N/A |
| The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover. | ||||
| CVE-2018-20511 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. | ||||
| CVE-2018-20510 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file. | ||||
| CVE-2018-20509 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file. | ||||
| CVE-2018-20495 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | ||||
| CVE-2018-20488 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | ||||
| CVE-2018-20483 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2024-11-21 | N/A |
| set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. | ||||
| CVE-2018-20478 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value. | ||||
| CVE-2018-20449 | 2 Linux, Netapp | 2 Linux Kernel, Element Software Management Node | 2024-11-21 | N/A |
| The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. | ||||
| CVE-2018-20371 | 1 Photorange Photo Vault Project | 1 Photorange Photo Vault | 2024-11-21 | N/A |
| PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on. | ||||
| CVE-2018-20333 | 1 Asus | 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more | 2024-11-21 | 7.5 High |
| An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. | ||||
| CVE-2018-20307 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2024-11-21 | 4.3 Medium |
| Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. | ||||
| CVE-2018-20174 | 1 Rdesktop | 1 Rdesktop | 2024-11-21 | N/A |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. | ||||
| CVE-2018-20170 | 1 Openstack | 1 Keystone | 2024-11-21 | N/A |
| OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory | ||||
| CVE-2018-20154 | 1 Designmodo | 1 Wp Maintenance Mode | 2024-11-21 | N/A |
| The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. | ||||