Total: 8779 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-9842 | 1 Cyberark | 1 Password Vault | 2024-08-05 | N/A |
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | ||||
CVE-2018-9554 | 1 Google | 1 Android | 2024-08-05 | N/A |
In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654. | ||||
CVE-2018-9526 | 1 Google | 1 Android | 2024-08-05 | N/A |
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 | ||||
CVE-2018-9581 | 1 Google | 1 Android | 2024-08-05 | 3.3 Low |
In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111698366 | ||||
CVE-2018-9543 | 1 Google | 1 Android | 2024-08-05 | N/A |
In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088. | ||||
CVE-2018-9325 | 1 Etherpad | 1 Etherpad | 2024-08-05 | N/A |
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. | ||||
CVE-2018-9126 | 1 Zldnn | 1 Dnnarticle | 2024-08-05 | N/A |
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. | ||||
CVE-2018-9071 | 1 Lenovo | 2 Chassis Management Module, Chassis Management Module Firmware | 2024-08-05 | N/A |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. | ||||
CVE-2018-7737 | 1 Zblogcn | 1 Z-blogphp | 2024-08-05 | N/A |
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability | ||||
CVE-2018-9056 | 2 Arm, Intel | 209 Cortex-a, Atom C, Atom E and 206 more | 2024-08-05 | N/A |
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. | ||||
CVE-2018-9014 | 1 Dsmall Project | 1 Dsmall | 2024-08-05 | N/A |
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | ||||
CVE-2018-8877 | 2 Asus, Asuswrt-merlin | 2 Asus Firmware, Asuswrt-merlin | 2024-08-05 | 5.3 Medium |
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. | ||||
CVE-2018-8880 | 1 Lutron | 2 Quantum Bacnet Integration, Quantum Bacnet Integration Firmware | 2024-08-05 | N/A |
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. | ||||
CVE-2018-8878 | 2 Asus, Asuswrt-merlin | 2 Asus Firmware, Asuswrt-merlin | 2024-08-05 | 5.3 Medium |
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | ||||
CVE-2018-8770 | 1 Cobub | 1 Razor | 2024-08-05 | 5.3 Medium |
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/. | ||||
CVE-2018-8580 | 1 Microsoft | 1 Sharepoint Server | 2024-08-05 | 4.3 Medium |
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint. | ||||
CVE-2018-8565 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-08-05 | N/A |
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
CVE-2018-8714 | 1 Honeywell | 1 Matrikonopc Explorer | 2024-08-05 | N/A |
Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. | ||||
CVE-2018-8558 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-08-05 | N/A |
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8579. | ||||
CVE-2018-8472 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-05 | N/A |
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |