Total: 8780 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18334 | 1 Trendmicro | 1 Dr. Safety | 2024-08-05 | N/A |
A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow a remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations. | ||||
CVE-2018-18287 | 1 Asus | 2 Rt-ac58u, Rt-ac58u Firmware | 2024-08-05 | N/A |
On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page. | ||||
CVE-2018-18056 | 1 Ti | 4 Tm4c123, Tm4c123 Firmware, Tm4c129 and 1 more | 2024-08-05 | N/A |
An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of "instruction oracle." | ||||
CVE-2018-18226 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. | ||||
CVE-2018-18205 | 1 Top-vision | 2 Cc8800ce, Cc8800ce Firmware | 2024-08-05 | N/A |
Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie. | ||||
CVE-2018-17944 | 1 Lexmark | 16 Cx725h, Cx725h Firmware, Cx820 and 13 more | 2024-08-05 | N/A |
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change. | ||||
CVE-2018-17976 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions. | ||||
CVE-2018-18073 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-08-05 | 6.3 Medium |
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | ||||
CVE-2018-17972 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-08-05 | N/A |
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. | ||||
CVE-2018-17939 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. | ||||
CVE-2018-17975 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API. | ||||
CVE-2018-17781 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-08-05 | N/A |
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. | ||||
CVE-2018-17780 | 1 Telegram | 2 Telegram Desktop, Telegram Messenger | 2024-08-05 | N/A |
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. | ||||
CVE-2018-17468 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-08-05 | N/A |
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | ||||
CVE-2018-17404 | 1 Sbi | 1 Sbi Buddy | 2024-08-05 | N/A |
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. | ||||
CVE-2018-17244 | 1 Elastic | 1 Elasticsearch | 2024-08-05 | N/A |
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to. | ||||
CVE-2018-17211 | 1 Printeron | 1 Central Print Services | 2024-08-05 | N/A |
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | ||||
CVE-2018-17216 | 1 Ptc | 1 Thingworx Platform | 2024-08-05 | N/A |
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users. | ||||
CVE-2018-17091 | 1 I4a | 1 Donlinkage | 2024-08-05 | N/A |
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt. | ||||
CVE-2018-16969 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-08-05 | N/A |
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. |