Total: 6955 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2018-12-10 | 5.0 MEDIUM | N/A |
| SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||||
| CVE-2016-10005 | 1 Sap | 1 Solution Manager | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. | |||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2018-12-10 | 5.0 MEDIUM | N/A |
| Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2018-11846 | 1 Qualcomm | 10 Sd 205, Sd 205 Firmware, Sd 210 and 7 more | 2018-12-10 | 4.7 MEDIUM | 4.7 MEDIUM |
| The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850. | |||||
| CVE-2017-18300 | 1 Qualcomm | 16 Mdm9206, Mdm9206 Firmware, Mdm9607 and 13 more | 2018-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660. | |||||
| CVE-2018-17780 | 1 Telegram | 2 Telegram Desktop, Telegram Messenger | 2018-12-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. | |||||
| CVE-2013-0637 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-06 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2018-18778 | 1 Acme | 1 Mini-httpd | 2018-12-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| ACME mini_httpd before 1.30 lets remote users read arbitrary files. | |||||
| CVE-2018-18657 | 1 Arcserve | 1 Udp | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue. | |||||
| CVE-2018-18658 | 1 Arcserve | 1 Udp | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. | |||||
| CVE-2018-18289 | 1 Mesilat | 1 Zabbix | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files. | |||||
| CVE-2018-16959 | 1 Oracle | 1 Webcenter Interaction | 2018-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||
| CVE-2018-8292 | 1 Microsoft | 2 Asp.net Core, Powershell Core | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. | |||||
| CVE-2018-12358 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-12-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61. | |||||
| CVE-2018-18376 | 1 Orange | 2 Airbox, Airbox Firmware | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. | |||||
| CVE-2018-16051 | 1 Gitlab | 1 Gitlab | 2018-12-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure. | |||||
| CVE-2012-4168 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. | |||||
| CVE-2018-12365 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-18390 | 1 Moxa | 1 Thingspro | 2018-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
