Total
7946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12892 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line. | |||||
| CVE-2018-12735 | 1 Saj-electric | 1 Saj Solar Inverter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | |||||
| CVE-2018-12716 | 1 Google | 4 Chromecast, Chromecast Firmware, Home and 1 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | |||||
| CVE-2018-12684 | 1 Civetweb Project | 1 Civetweb | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | |||||
| CVE-2018-12673 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. | |||||
| CVE-2018-12671 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. | |||||
| CVE-2018-12634 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | |||||
| CVE-2018-12632 | 1 Redatam | 1 Redatam | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. | |||||
| CVE-2018-12610 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Information Exposure. | |||||
| CVE-2018-12594 | 1 Reliablecontrols | 2 Mach-prowebcom, Mach-prowebcom Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated the Master Password field. | |||||
| CVE-2018-12592 | 1 Polycom | 1 Realpresence Web Suite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. | |||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | |||||
| CVE-2018-12525 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. | |||||
| CVE-2018-12524 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. | |||||
| CVE-2018-12523 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing. | |||||
| CVE-2018-12522 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing. | |||||
| CVE-2018-12481 | 1 The Olive Tree Ftp Server Project | 1 The Olive Tree Ftp Server | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. | |||||
| CVE-2018-12440 | 1 Google | 1 Boringssl | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||
| CVE-2018-12439 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||
| CVE-2018-12438 | 1 Libsunec Project | 1 Libsunec | 2024-11-21 | 1.9 LOW | 4.9 MEDIUM |
| The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||