Total
9521 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15696 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | ||||
| CVE-2018-15684 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. | ||||
| CVE-2018-15668 | 1 Bloop | 1 Airmail 3 | 2024-11-21 | N/A |
| An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address. | ||||
| CVE-2018-15665 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | N/A |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. | ||||
| CVE-2018-15661 | 1 Olacabs | 1 Ola Money | 2024-11-21 | N/A |
| An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix | ||||
| CVE-2018-15659 | 1 42gears | 1 Suremdm | 2024-11-21 | N/A |
| An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible. | ||||
| CVE-2018-15658 | 1 42gears | 1 Suremdm | 2024-11-21 | N/A |
| An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data. | ||||
| CVE-2018-15656 | 1 42gears | 1 Suremdm | 2024-11-21 | N/A |
| An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiKey" value in the "ApiKey" header. | ||||
| CVE-2018-15655 | 1 42gears | 1 Suremdm | 2024-11-21 | N/A |
| An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. | ||||
| CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2024-11-21 | N/A |
| A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | ||||
| CVE-2018-15599 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2024-11-21 | N/A |
| The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. | ||||
| CVE-2018-15594 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-11-21 | N/A |
| arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. | ||||
| CVE-2018-15572 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. | ||||
| CVE-2018-15534 | 1 Geutebrueck | 2 Re Porter 16, Re Porter 16 Firmware | 2024-11-21 | N/A |
| Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003. | ||||
| CVE-2018-15532 | 1 Hp | 1 Synaptics Touchpad Driver | 2024-11-21 | N/A |
| SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. | ||||
| CVE-2018-15473 | 7 Canonical, Debian, Netapp and 4 more | 25 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 22 more | 2024-11-21 | 5.3 Medium |
| OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | ||||
| CVE-2018-15364 | 1 Trendmicro | 1 Officescan Xg | 2024-11-21 | N/A |
| A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | ||||
| CVE-2018-15357 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | N/A |
| An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. | ||||
| CVE-2018-15328 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | N/A |
| On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. | ||||
| CVE-2018-15310 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
| A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. | ||||