Total
8776 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3987 | 1 Rakuten | 1 Viber | 2024-08-05 | 5.5 Medium |
| An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device. | ||||
| CVE-2018-3988 | 1 Signal | 1 Private Messenger | 2024-08-05 | 4.7 Medium |
| Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system. | ||||
| CVE-2018-3826 | 1 Elastic | 1 Elasticsearch | 2024-08-05 | N/A |
| In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. | ||||
| CVE-2018-3854 | 1 Intuit | 1 Quicken 2018 | 2024-08-05 | 7.1 High |
| An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability. | ||||
| CVE-2018-3831 | 2 Elastic, Redhat | 2 Elasticsearch, Jboss Fuse | 2024-08-05 | 8.8 High |
| Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details. | ||||
| CVE-2018-3813 | 1 Flir | 6 Brickstream 2300 2d, Brickstream 2300 2d Firmware, Brickstream 2300 3d and 3 more | 2024-08-05 | N/A |
| getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. | ||||
| CVE-2018-3817 | 1 Elastic | 1 Logstash | 2024-08-05 | N/A |
| When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | ||||
| CVE-2018-3693 | 7 Arm, Fujitsu, Intel and 4 more | 230 Cortex-a, Cortex-r, M12-1 and 227 more | 2024-08-05 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | ||||
| CVE-2018-3652 | 1 Intel | 34 Atom C, Xeon, Xeon Bronze 3104 and 31 more | 2024-08-05 | 7.6 High |
| Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces. | ||||
| CVE-2018-3619 | 1 Intel | 17 Core I3, Core I5, Core I7 and 14 more | 2024-08-05 | N/A |
| Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access. | ||||
| CVE-2018-3621 | 1 Intel | 1 Driver\&support Assistant | 2024-08-05 | N/A |
| Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2018-2402 | 1 Sap | 1 Hana | 2024-08-05 | N/A |
| In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. | ||||
| CVE-2018-1685 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-08-05 | N/A |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502. | ||||
| CVE-2018-1438 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-08-05 | 7.5 High |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566. | ||||
| CVE-2018-1433 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-08-05 | 7.5 High |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. | ||||
| CVE-2018-1090 | 3 Fedoraproject, Pulpproject, Redhat | 4 Fedora, Pulp, Satellite and 1 more | 2024-08-05 | N/A |
| In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. | ||||
| CVE-2018-1192 | 1 Pivotal Software | 4 Cloud Foundry Cf-deployment, Cloud Foundry Cf-release, Cloud Foundry Uaa and 1 more | 2024-08-05 | N/A |
| In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user. | ||||
| CVE-2018-1175 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-08-05 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the interactive attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5438. | ||||
| CVE-2018-1118 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-08-05 | N/A |
| Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | ||||
| CVE-2018-1135 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
| An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. | ||||