Total
9507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12735 | 1 Saj-electric | 1 Saj Solar Inverter | 2024-11-21 | N/A |
| SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | ||||
| CVE-2018-12716 | 1 Google | 4 Chromecast, Chromecast Firmware, Home and 1 more | 2024-11-21 | N/A |
| The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | ||||
| CVE-2018-12684 | 1 Civetweb Project | 1 Civetweb | 2024-11-21 | N/A |
| Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | ||||
| CVE-2018-12673 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | N/A |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. | ||||
| CVE-2018-12671 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | N/A |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. | ||||
| CVE-2018-12634 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 9.8 Critical |
| CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | ||||
| CVE-2018-12632 | 1 Redatam | 1 Redatam | 2024-11-21 | N/A |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. | ||||
| CVE-2018-12610 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.8.4 and earlier allows Information Exposure. | ||||
| CVE-2018-12594 | 1 Reliablecontrols | 2 Mach-prowebcom, Mach-prowebcom Firmware | 2024-11-21 | N/A |
| Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated the Master Password field. | ||||
| CVE-2018-12592 | 1 Polycom | 1 Realpresence Web Suite | 2024-11-21 | N/A |
| Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. | ||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2024-11-21 | N/A |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | ||||
| CVE-2018-12525 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. | ||||
| CVE-2018-12524 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. | ||||
| CVE-2018-12523 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing. | ||||
| CVE-2018-12522 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing. | ||||
| CVE-2018-12481 | 1 The Olive Tree Ftp Server Project | 1 The Olive Tree Ftp Server | 2024-11-21 | N/A |
| The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. | ||||
| CVE-2018-12440 | 1 Google | 1 Boringssl | 2024-11-21 | N/A |
| BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12439 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | N/A |
| MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12438 | 1 Libsunec Project | 1 Libsunec | 2024-11-21 | 4.9 Medium |
| The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12437 | 2 Libtom, Linaro | 2 Libtomcrypt, Op-tee | 2024-11-21 | 4.9 Medium |
| LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||