Total
9510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10423 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. | ||||
| CVE-2018-10245 | 1 Awstats | 1 Awstats | 2024-11-21 | N/A |
| A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters. | ||||
| CVE-2018-10229 | 3 Google, Lg, Mozilla | 3 Chrome, Nexus 5, Firefox | 2024-11-21 | N/A |
| A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | ||||
| CVE-2018-10219 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A |
| baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. | ||||
| CVE-2018-10198 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
| An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. | ||||
| CVE-2018-10189 | 1 Mautic | 1 Mautic | 2024-11-21 | N/A |
| An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled. | ||||
| CVE-2018-10178 | 1 Iac | 1 Fromdoctopdf | 2024-11-21 | 5.3 Medium |
| The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. | ||||
| CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | N/A |
| The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | ||||
| CVE-2018-10106 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | N/A |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. | ||||
| CVE-2018-10082 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. | ||||
| CVE-2018-10028 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | N/A |
| joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. | ||||
| CVE-2018-1002104 | 1 Kubernetes | 1 Nginx Ingress Controller | 2024-11-21 | 5.3 Medium |
| Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | ||||
| CVE-2018-1000997 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. | ||||
| CVE-2018-1000862 | 2 Jenkins, Redhat | 3 Jenkins, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser. | ||||
| CVE-2018-1000803 | 1 Gitea | 1 Gitea | 2024-11-21 | N/A |
| Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1. | ||||
| CVE-2018-1000645 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function. | ||||
| CVE-2018-1000635 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7. | ||||
| CVE-2018-1000633 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7. | ||||
| CVE-2018-1000609 | 1 Jenkins | 1 Configuration As Code | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | ||||
| CVE-2018-1000603 | 1 Jenkins | 1 Openstack Cloud | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | ||||