Total
9511 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16984 | 1 Djangoproject | 1 Django | 2024-11-21 | N/A |
| An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. | ||||
| CVE-2018-16977 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. | ||||
| CVE-2018-16969 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | N/A |
| Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. | ||||
| CVE-2018-16959 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||
| CVE-2018-16948 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-11-21 | N/A |
| An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory. | ||||
| CVE-2018-16889 | 1 Redhat | 2 Ceph, Ceph Storage | 2024-11-21 | N/A |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | ||||
| CVE-2018-16883 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | N/A |
| sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. | ||||
| CVE-2018-16876 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Ansible and 7 more | 2024-11-21 | 5.3 Medium |
| ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | ||||
| CVE-2018-16870 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | N/A |
| It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. | ||||
| CVE-2018-16862 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | N/A |
| A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. | ||||
| CVE-2018-16849 | 1 Redhat | 2 Openstack, Openstack-mistral | 2024-11-21 | N/A |
| A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem. | ||||
| CVE-2018-16712 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | N/A |
| IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory. | ||||
| CVE-2018-16710 | 1 Octoprint | 1 Octoprint | 2024-11-21 | N/A |
| OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough. | ||||
| CVE-2018-16705 | 1 Furuno | 4 Felcom 250, Felcom 250 Firmware, Felcom 500 and 1 more | 2024-11-21 | N/A |
| FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. | ||||
| CVE-2018-16672 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 6.5 Medium |
| An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | ||||
| CVE-2018-16671 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | N/A |
| An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. | ||||
| CVE-2018-16658 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | ||||
| CVE-2018-16656 | 1 Kyocera | 4 Taskalfa 4002i, Taskalfa 4002i Firmware, Taskalfa 6002i and 1 more | 2024-11-21 | N/A |
| DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request. | ||||
| CVE-2018-16603 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. | ||||
| CVE-2018-16602 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | N/A |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. | ||||