Total
9739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6075 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Linux Desktop and 3 more | 2024-11-21 | N/A |
| Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. | ||||
| CVE-2018-6066 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Linux Desktop and 3 more | 2024-11-21 | N/A |
| Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2018-6053 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. | ||||
| CVE-2018-6052 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | ||||
| CVE-2018-6045 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | ||||
| CVE-2018-6037 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. | ||||
| CVE-2018-6035 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | ||||
| CVE-2018-6015 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | N/A |
| An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | ||||
| CVE-2018-6014 | 1 Subsonic | 1 Subsonic | 2024-11-21 | N/A |
| Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. | ||||
| CVE-2018-6008 | 1 Joomlatag | 1 Jtag Members Directory | 2024-11-21 | N/A |
| Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | ||||
| CVE-2018-5995 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. | ||||
| CVE-2018-5953 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | ||||
| CVE-2018-5892 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2024-11-21 | N/A |
| The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. | ||||
| CVE-2018-5751 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs. | ||||
| CVE-2018-5750 | 4 Canonical, Debian, Linux and 1 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-11-21 | N/A |
| The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | ||||
| CVE-2018-5738 | 2 Canonical, Isc | 2 Ubuntu Linux, Bind | 2024-11-21 | N/A |
| Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. | ||||
| CVE-2018-5728 | 1 Cobham | 2 Seatel 121, Seatel 121 Firmware | 2024-11-21 | N/A |
| Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. | ||||
| CVE-2018-5726 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | N/A |
| MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. | ||||
| CVE-2018-5682 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A |
| PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. | ||||
| CVE-2018-5544 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
| When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters. | ||||