Total
8779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11409 | 1 Splunk | 1 Splunk | 2024-08-05 | N/A |
| Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | ||||
| CVE-2018-11437 | 1 Libmobi Project | 1 Libmobi | 2024-08-05 | N/A |
| The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | ||||
| CVE-2018-11275 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs. | ||||
| CVE-2018-11327 | 1 Joomla | 1 Joomla\! | 2024-08-05 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | ||||
| CVE-2018-11195 | 1 Mahara | 1 Mahara | 2024-08-05 | N/A |
| Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials. | ||||
| CVE-2018-11215 | 1 Cloudera | 1 Data Science Workbench | 2024-08-05 | N/A |
| Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. | ||||
| CVE-2018-11036 | 1 Ruckuswireless | 8 Scg-200, Scg-200 Firmware, Sz-100 and 5 more | 2024-08-05 | N/A |
| Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. | ||||
| CVE-2018-11037 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-05 | N/A |
| In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. | ||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 12 Ubuntu Linux, Debian Linux, Postgresql and 9 more | 2024-08-05 | N/A |
| A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | ||||
| CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-08-05 | 6.5 Medium |
| An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | ||||
| CVE-2018-10919 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-08-05 | N/A |
| The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | ||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-08-05 | 8.1 High |
| A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | ||||
| CVE-2018-10946 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2024-08-05 | N/A |
| An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI. | ||||
| CVE-2018-10890 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. | ||||
| CVE-2018-10911 | 4 Debian, Gluster, Opensuse and 1 more | 9 Debian Linux, Glusterfs, Leap and 6 more | 2024-08-05 | 7.5 High |
| A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | ||||
| CVE-2018-10815 | 1 Cloudera | 1 Cloudera Manager | 2024-08-05 | N/A |
| An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. | ||||
| CVE-2018-10663 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-08-05 | N/A |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | ||||
| CVE-2018-10859 | 2 Debian, Git-annex Project | 2 Debian Linux, Git-annex | 2024-08-05 | N/A |
| git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex | ||||
| CVE-2018-10857 | 2 Debian, Git-annex Project | 2 Debian Linux, Git-annex | 2024-08-05 | N/A |
| git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN. | ||||
| CVE-2018-10852 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Sssd, Enterprise Linux and 3 more | 2024-08-05 | N/A |
| The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | ||||