Total
8779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13123 | 1 Onefilecms | 1 Onefilecms | 2024-08-05 | N/A |
| onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. | ||||
| CVE-2018-12997 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-08-05 | 7.5 High |
| Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | ||||
| CVE-2018-12990 | 1 Phpwcms | 1 Phpwcms | 2024-08-05 | N/A |
| phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | ||||
| CVE-2018-12920 | 1 Flir | 2 Brickstream 2300, Brickstream 2300 Firmware | 2024-08-05 | 7.5 High |
| Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | ||||
| CVE-2018-12923 | 1 Bwssystems | 1 Ha Bridge | 2024-08-05 | 7.5 High |
| BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. | ||||
| CVE-2018-12927 | 1 Northernnep | 2 Northern Electric \& Power Inverter, Northern Electric \& Power Inverter Firmware | 2024-08-05 | N/A |
| Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | ||||
| CVE-2018-12908 | 1 Brynamics | 1 Brynamics | 2024-08-05 | N/A |
| Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | ||||
| CVE-2018-12921 | 1 Electroind | 2 Gaugetech Nexus, Gaugetech Nexus Firmware | 2024-08-05 | N/A |
| Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | ||||
| CVE-2018-12907 | 1 Rclone | 1 Rclone | 2024-08-05 | N/A |
| In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | ||||
| CVE-2018-12926 | 1 Pharoscontrols | 2 Pharos, Pharos Firmware | 2024-08-05 | N/A |
| Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | ||||
| CVE-2018-12892 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | N/A |
| An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line. | ||||
| CVE-2018-12673 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-08-05 | N/A |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. | ||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2024-08-05 | N/A |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | ||||
| CVE-2018-12523 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-08-05 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing. | ||||
| CVE-2018-12634 | 1 Circontrol | 1 Circarlife Scada | 2024-08-05 | 9.8 Critical |
| CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | ||||
| CVE-2018-12592 | 1 Polycom | 1 Realpresence Web Suite | 2024-08-05 | N/A |
| Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. | ||||
| CVE-2018-12525 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-08-05 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. | ||||
| CVE-2018-12671 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-08-05 | N/A |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. | ||||
| CVE-2018-12610 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-05 | N/A |
| OX App Suite 7.8.4 and earlier allows Information Exposure. | ||||
| CVE-2018-12524 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-08-05 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. | ||||