Total
8780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20941 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | ||||
| CVE-2018-18839 | 1 My-netdata | 1 Netdata | 2024-08-05 | N/A |
| An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional. | ||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | ||||
| CVE-2018-20776 | 1 Frog Cms Project | 1 Frog Cms | 2024-08-05 | N/A |
| Frog CMS 0.9.5 provides a directory listing for a /public request. | ||||
| CVE-2018-20913 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | ||||
| CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | ||||
| CVE-2018-20894 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). | ||||
| CVE-2018-20855 | 3 Linux, Netapp, Opensuse | 6 Linux Kernel, Active Iq Performance Analytics Services, Active Iq Unified Manager and 3 more | 2024-08-05 | 3.3 Low |
| An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | ||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | ||||
| CVE-2018-20681 | 1 Mate-desktop | 1 Mate-screensaver | 2024-08-05 | N/A |
| mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse. | ||||
| CVE-2018-20510 | 1 Linux | 1 Linux Kernel | 2024-08-05 | N/A |
| The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file. | ||||
| CVE-2018-20555 | 1 Designchemical | 1 Social Network Tabs | 2024-08-05 | N/A |
| The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover. | ||||
| CVE-2018-20478 | 1 S-cms | 1 S-cms | 2024-08-05 | N/A |
| An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value. | ||||
| CVE-2018-20509 | 1 Linux | 1 Linux Kernel | 2024-08-05 | N/A |
| The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file. | ||||
| CVE-2018-20483 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2024-08-05 | N/A |
| set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. | ||||
| CVE-2018-20488 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 4.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | ||||
| CVE-2018-20511 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-05 | N/A |
| An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. | ||||
| CVE-2018-20495 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | ||||
| CVE-2018-20449 | 2 Linux, Netapp | 2 Linux Kernel, Element Software Management Node | 2024-08-05 | N/A |
| The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. | ||||
| CVE-2018-20333 | 1 Asus | 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more | 2024-08-05 | 7.5 High |
| An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. | ||||