Total
8779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6829 | 1 Gnupg | 1 Libgcrypt | 2024-08-05 | N/A |
| cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. | ||||
| CVE-2018-6808 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-08-05 | N/A |
| NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. | ||||
| CVE-2018-6672 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-05 | N/A |
| Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | ||||
| CVE-2018-6790 | 2 Kde, Redhat | 2 Plasma-workspace, Enterprise Linux | 2024-08-05 | N/A |
| An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element. | ||||
| CVE-2018-6591 | 1 Conversejs | 1 Converse.js | 2024-08-05 | N/A |
| Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen. | ||||
| CVE-2018-6596 | 2 Debian, Django-anymail Project | 2 Debian Linux, Django-anymail | 2024-08-05 | N/A |
| webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events. | ||||
| CVE-2018-6608 | 1 Opera | 1 Opera Browser | 2024-08-05 | N/A |
| In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. | ||||
| CVE-2018-6610 | 1 Jlike Project | 1 Jlike | 2024-08-05 | N/A |
| Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request. | ||||
| CVE-2018-6526 | 1 Mantisbt | 1 Mantisbt | 2024-08-05 | N/A |
| view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | ||||
| CVE-2018-6460 | 1 Anchorfree | 1 Hotspot Shield | 2024-08-05 | N/A |
| Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address. | ||||
| CVE-2018-6412 | 1 Linux | 1 Linux Kernel | 2024-08-05 | N/A |
| In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | ||||
| CVE-2018-6470 | 2 Apple, Nibbleblog | 2 Macos, Nibbleblog | 2024-08-05 | N/A |
| Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. | ||||
| CVE-2018-6239 | 1 Nvidia | 1 Jetson Tx2 | 2024-08-05 | N/A |
| NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3. | ||||
| CVE-2018-6260 | 1 Nvidia | 1 Gpu Driver | 2024-08-05 | N/A |
| NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. | ||||
| CVE-2018-6234 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+, Internet Security and 2 more | 2024-08-05 | N/A |
| An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2018-6159 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2018-6179 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-08-05 | N/A |
| Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | ||||
| CVE-2018-6188 | 3 Canonical, Djangoproject, Redhat | 4 Ubuntu Linux, Django, Satellite and 1 more | 2024-08-05 | N/A |
| django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. | ||||
| CVE-2018-6147 | 4 Apple, Debian, Google and 1 more | 7 Mac Os X, Debian Linux, Chrome and 4 more | 2024-08-05 | N/A |
| Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. | ||||
| CVE-2018-6177 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||