Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20608 | 1 Txjia | 1 Imcat | 2019-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | |||||
| CVE-2018-20607 | 1 Txjia | 1 Imcat | 2019-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | |||||
| CVE-2018-20606 | 1 Txjia | 1 Imcat | 2019-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | |||||
| CVE-2018-1000803 | 1 Gitea | 1 Gitea | 2019-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1. | |||||
| CVE-2017-5658 | 1 Apache | 1 Pony Mail | 2019-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue. | |||||
| CVE-2018-20154 | 1 Designmodo | 1 Wp Maintenance Mode | 2019-01-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. | |||||
| CVE-2018-16527 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | |||||
| CVE-2018-16524 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | |||||
| CVE-2018-16599 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure. | |||||
| CVE-2018-16600 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure. | |||||
| CVE-2018-16602 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. | |||||
| CVE-2018-16603 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. | |||||
| CVE-2018-19413 | 1 Sonarsource | 1 Sonarqube | 2019-01-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. | |||||
| CVE-2018-9554 | 1 Google | 1 Android | 2019-01-02 | 2.1 LOW | 5.5 MEDIUM |
| In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654. | |||||
| CVE-2018-13319 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2018-12-31 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | |||||
| CVE-2018-19133 | 1 Flarum | 1 Flarum | 2018-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. | |||||
| CVE-2018-7812 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2018-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | |||||
| CVE-2018-17976 | 1 Gitlab | 1 Gitlab | 2018-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions. | |||||
| CVE-2018-6082 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-12-27 | 4.3 MEDIUM | 4.7 MEDIUM |
| Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. | |||||
| CVE-2018-16712 | 1 Iobit | 1 Advanced Systemcare | 2018-12-27 | 6.8 MEDIUM | 6.5 MEDIUM |
| IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory. | |||||