Total
8775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1086 | 3 Clusterlabs, Debian, Redhat | 4 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux and 1 more | 2024-08-05 | N/A |
| pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege. | ||||
| CVE-2018-1074 | 2 Ovirt, Redhat | 3 Ovirt, Enterprise Virtualization, Rhev Manager | 2024-08-05 | N/A |
| ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. | ||||
| CVE-2018-1097 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-05 | N/A |
| A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. | ||||
| CVE-2018-1073 | 2 Ovirt, Redhat | 4 Ovirt-engine, Enterprise Linux, Virtualization and 1 more | 2024-08-05 | 5.3 Medium |
| The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. | ||||
| CVE-2018-1044 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
| In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | ||||
| CVE-2018-0892 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-08-05 | N/A |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998. | ||||
| CVE-2018-0871 | 1 Microsoft | 2 Edge, Windows 10 | 2024-08-05 | N/A |
| An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234. | ||||
| CVE-2018-0526 | 1 Cybozu | 1 Office | 2024-08-05 | N/A |
| Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | ||||
| CVE-2018-0584 | 1 Iij | 1 Smartkey | 2024-08-05 | N/A |
| IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors. | ||||
| CVE-2018-0575 | 1 Basercms | 1 Basercms | 2024-08-05 | N/A |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | ||||
| CVE-2018-0528 | 1 Cybozu | 1 Office | 2024-08-05 | N/A |
| Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | ||||
| CVE-2018-0495 | 5 Canonical, Debian, Gnupg and 2 more | 14 Ubuntu Linux, Debian Linux, Libgcrypt and 11 more | 2024-08-05 | N/A |
| Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-0368 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2024-08-05 | N/A |
| A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400. | ||||
| CVE-2018-0269 | 1 Cisco | 1 Digital Network Architecture Center | 2024-08-05 | 4.3 Medium |
| A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208. | ||||
| CVE-2018-0267 | 1 Cisco | 1 Unified Communications Manager | 2024-08-05 | 6.5 Medium |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116. | ||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-08-05 | N/A |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | ||||
| CVE-2018-0288 | 1 Cisco | 1 Webex Meetings Online | 2024-08-05 | 5.3 Medium |
| A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142. | ||||
| CVE-2018-0278 | 1 Cisco | 1 Firepower Management Center | 2024-08-05 | 6.5 Medium |
| A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311. | ||||
| CVE-2018-0266 | 1 Cisco | 1 Unified Communications Manager | 2024-08-05 | 4.3 Medium |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218. | ||||
| CVE-2018-0245 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-08-05 | 5.3 Medium |
| A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. If successful, an exploit could allow the attacker to view sensitive system information. Cisco Bug IDs: CSCvg89442. | ||||