Total
9516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14979 | 1 Asus | 2 Zenfone 3 Max, Zenfone 3 Max Firmware | 2024-11-21 | N/A |
| The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials. | ||||
| CVE-2018-14941 | 1 Harmonicinc | 1 Nsg 9000 | 2024-11-21 | N/A |
| Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. | ||||
| CVE-2018-14928 | 1 Matera | 1 Banco | 2024-11-21 | N/A |
| /contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. | ||||
| CVE-2018-14902 | 1 Epson | 1 Iprint | 2024-11-21 | N/A |
| The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents. | ||||
| CVE-2018-14865 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A |
| Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files. | ||||
| CVE-2018-14831 | 1 Damicms | 1 Damicms | 2024-11-21 | N/A |
| An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | ||||
| CVE-2018-14822 | 1 Entes | 2 Emg-12, Emg-12 Firmware | 2024-11-21 | N/A |
| Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. | ||||
| CVE-2018-14803 | 1 Philips | 2 E-alert, E-alert Firmware | 2024-11-21 | N/A |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. | ||||
| CVE-2018-14785 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | N/A |
| NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. | ||||
| CVE-2018-14782 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | N/A |
| NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. | ||||
| CVE-2018-14735 | 3 Hitachi, Linux, Microsoft | 8 Command Suite, Compute Systems Manager, Device Manager and 5 more | 2024-11-21 | N/A |
| An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message. | ||||
| CVE-2018-14731 | 1 Parceljs | 1 Parcel | 2024-11-21 | N/A |
| An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1 connection (with a random TCP port number) from any origin. The random port number can be found by connecting to http://127.0.0.1 and reading the "new WebSocket" line in the source code. | ||||
| CVE-2018-14730 | 1 Browserify-hot Module Replacement Project | 1 Browserify-hot Module Replacement | 2024-11-21 | 7.5 High |
| An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin. | ||||
| CVE-2018-14702 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | N/A |
| Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | ||||
| CVE-2018-14696 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | N/A |
| Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | ||||
| CVE-2018-14695 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | N/A |
| Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter. | ||||
| CVE-2018-14685 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | N/A |
| The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php. | ||||
| CVE-2018-14642 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Single Sign On and 1 more | 2024-11-21 | 5.3 Medium |
| An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests. | ||||
| CVE-2018-14602 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames. | ||||
| CVE-2018-14597 | 1 Broadcom | 2 Ca Identity Governance, Ca Identity Suite Virtual Appliance | 2024-11-21 | N/A |
| CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. | ||||