Total
7948 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16866 | 5 Canonical, Debian, Netapp and 2 more | 21 Ubuntu Linux, Debian Linux, Active Iq Performance Analytics Services and 18 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. | |||||
| CVE-2018-16862 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. | |||||
| CVE-2018-16849 | 1 Redhat | 1 Openstack-mistral | 2024-11-21 | 5.0 MEDIUM | 3.1 LOW |
| A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem. | |||||
| CVE-2018-16712 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory. | |||||
| CVE-2018-16710 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough. | |||||
| CVE-2018-16705 | 1 Furuno | 4 Felcom 250, Felcom 250 Firmware, Felcom 500 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. | |||||
| CVE-2018-16672 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | |||||
| CVE-2018-16671 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. | |||||
| CVE-2018-16658 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | |||||
| CVE-2018-16656 | 1 Kyocera | 4 Taskalfa 4002i, Taskalfa 4002i Firmware, Taskalfa 6002i and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request. | |||||
| CVE-2018-16603 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. | |||||
| CVE-2018-16602 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. | |||||
| CVE-2018-16600 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure. | |||||
| CVE-2018-16599 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure. | |||||
| CVE-2018-16539 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | |||||
| CVE-2018-16527 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | |||||
| CVE-2018-16524 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | |||||
| CVE-2018-16323 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | |||||
| CVE-2018-16307 | 1 Mi | 2 Xiaomi Miwifi Xiaomi 55dd, Xiaomi Miwifi Xiaomi 55dd Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response. | |||||
| CVE-2018-16288 | 1 Lg | 1 Supersign Cms | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | |||||