Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18428 | 1 Tp-link | 2 Tl-sc3130, Tl-sc3130 Firmware | 2019-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. | |||||
| CVE-2017-2582 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Keycloak | 2019-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. | |||||
| CVE-2018-19718 | 1 Adobe | 1 Connect | 2019-01-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session. | |||||
| CVE-2018-16192 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2019-01-17 | 3.3 LOW | 6.5 MEDIUM |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. | |||||
| CVE-2016-4643 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. | |||||
| CVE-2016-4644 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2019-01-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. | |||||
| CVE-2018-20478 | 1 S-cms | 1 S-cms | 2019-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value. | |||||
| CVE-2017-9526 | 1 Gnupg | 1 Libgcrypt | 2019-01-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. | |||||
| CVE-2017-0379 | 2 Debian, Gnupg | 2 Debian Linux, Libgcrypt | 2019-01-16 | 5.0 MEDIUM | 7.5 HIGH |
| Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | |||||
| CVE-2015-7940 | 3 Bouncycastle, Opensuse, Oracle | 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more | 2019-01-16 | 5.0 MEDIUM | N/A |
| The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | |||||
| CVE-2018-6179 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | |||||
| CVE-2018-6117 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-6137 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6164 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-12671 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. | |||||
| CVE-2018-12673 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. | |||||
| CVE-2018-20571 | 1 Damicms | 1 Damicms | 2019-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | |||||
| CVE-2018-20602 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2019-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | |||||
| CVE-2018-15328 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2019-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. | |||||
| CVE-2018-20609 | 1 Txjia | 1 Imcat | 2019-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. | |||||