Total
9580 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7844 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 7.5 High |
| A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. | ||||
| CVE-2018-7812 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-11-21 | N/A |
| An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | ||||
| CVE-2018-7776 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | N/A |
| The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data. | ||||
| CVE-2018-7755 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | ||||
| CVE-2018-7754 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. | ||||
| CVE-2018-7737 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability | ||||
| CVE-2018-7704 | 1 Securenvoy | 1 Securmail | 2024-11-21 | N/A |
| SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe. | ||||
| CVE-2018-7686 | 1 Microfocus | 1 Edirectory | 2024-11-21 | N/A |
| Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | ||||
| CVE-2018-7676 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. | ||||
| CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2024-11-21 | N/A |
| In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. | ||||
| CVE-2018-7668 | 1 Testlink | 1 Testlink | 2024-11-21 | N/A |
| TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | ||||
| CVE-2018-7662 | 1 Couchcms | 1 Couch | 2024-11-21 | N/A |
| Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. | ||||
| CVE-2018-7661 | 1 Babyphonemobile | 1 Wifi Baby Monitor | 2024-11-21 | N/A |
| Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257. | ||||
| CVE-2018-7556 | 2 Debian, Limesurvey | 2 Debian Linux, Limesurvey | 2024-11-21 | N/A |
| LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. | ||||
| CVE-2018-7506 | 1 Moxa | 1 Mxview | 2024-11-21 | N/A |
| The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information. | ||||
| CVE-2018-7496 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | N/A |
| An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. | ||||
| CVE-2018-7360 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. | ||||
| CVE-2018-7317 | 1 Christianwebministries | 1 Proclaim | 2024-11-21 | N/A |
| Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/. | ||||
| CVE-2018-7276 | 1 Lutron | 2 Quantum Bacnet Integration, Quantum Bacnet Integration Firmware | 2024-11-21 | N/A |
| An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device. | ||||
| CVE-2018-7273 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. | ||||