Total: 7948 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17780 | 1 Telegram | 2 Telegram Desktop, Telegram Messenger | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. | |||||
CVE-2018-17555 | 1 Commscope | 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | |||||
CVE-2018-17502 | 1 Thereceptionist | 1 The Receptionist For Ipad | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails. | |||||
CVE-2018-17484 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | 3.6 LOW | 4.0 MEDIUM |
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database. | |||||
CVE-2018-17483 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | 2.1 LOW | 2.9 LOW |
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information. | |||||
CVE-2018-17482 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information. | |||||
CVE-2018-17468 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | |||||
CVE-2018-17404 | 1 Sbi | 1 Sbi Buddy | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. | |||||
CVE-2018-17402 | 1 Phonepe | 1 Phonepe | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots. | |||||
CVE-2018-17244 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to. | |||||
CVE-2018-17216 | 1 Ptc | 1 Thingworx Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users. | |||||
CVE-2018-17211 | 1 Printeron | 1 Central Print Services | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | |||||
CVE-2018-17155 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | |||||
CVE-2018-17091 | 1 I4a | 1 Donlinkage | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt. | |||||
CVE-2018-16977 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. | |||||
CVE-2018-16969 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. | |||||
CVE-2018-16959 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||
CVE-2018-16948 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory. | |||||
CVE-2018-16883 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 2.1 LOW | 2.5 LOW |
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. | |||||
CVE-2018-16876 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Ansible and 7 more | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
Ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data. |