Total
8780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19046 | 1 Keepalived | 1 Keepalived | 2024-08-05 | N/A |
| keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. | ||||
| CVE-2018-19045 | 1 Keepalived | 1 Keepalived | 2024-08-05 | N/A |
| keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. | ||||
| CVE-2018-18977 | 1 Ascensia | 1 Contour Diabetes | 2024-08-05 | N/A |
| An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation. | ||||
| CVE-2018-19039 | 3 Grafana, Netapp, Redhat | 7 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 4 more | 2024-08-05 | N/A |
| Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||||
| CVE-2018-18941 | 1 Vignette | 1 Content Management | 2024-08-05 | N/A |
| In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued. | ||||
| CVE-2018-18975 | 1 Ascensia | 1 Contour Diabetes | 2024-08-05 | N/A |
| An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information. | ||||
| CVE-2018-18865 | 3 Apple, Microsoft, Royalapplications | 4 Macos, Windows, Royal Ts and 1 more | 2024-08-05 | N/A |
| The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | ||||
| CVE-2018-18710 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | N/A |
| An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. | ||||
| CVE-2018-18762 | 1 Saltos | 1 Saltos | 2024-08-05 | N/A |
| SaltOS 3.1 r8126 contains a database download vulnerability. | ||||
| CVE-2018-18644 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. | ||||
| CVE-2018-18645 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. | ||||
| CVE-2018-18640 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. | ||||
| CVE-2018-18648 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. | ||||
| CVE-2018-18566 | 1 Polycom | 5 Unified Communications Software, Vvx 500, Vvx 500 Firmware and 2 more | 2024-08-05 | 5.3 Medium |
| The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. | ||||
| CVE-2018-17402 | 1 Phonepe | 1 Phonepe | 2024-08-05 | N/A |
| The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots | ||||
| CVE-2018-18511 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-08-05 | N/A |
| Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. | ||||
| CVE-2018-18506 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-08-05 | 5.9 Medium |
| When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. | ||||
| CVE-2018-18467 | 1 Conversations | 1 Conversations | 2024-08-05 | N/A |
| An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent. | ||||
| CVE-2018-18441 | 2 D-link, Dlink | 36 Dcs-2102 Firmware, Dcs-2121 Firmware, Dcs-2630l Firmware and 33 more | 2024-08-05 | N/A |
| D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. | ||||
| CVE-2018-18428 | 1 Tp-link | 2 Tl-sc3130, Tl-sc3130 Firmware | 2024-08-05 | N/A |
| TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. | ||||