Total: 3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1398 | 1 Ibm | 1 Sterling File Gateway | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. | |||||
| CVE-2018-1532 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. | |||||
| CVE-2018-1655 | 1 Ibm | 1 Aix | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. | |||||
| CVE-2018-1587 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500. | |||||
| CVE-2018-1564 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 2.1 LOW | 6.7 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968. | |||||
| CVE-2018-1470 | 1 Ibm | 1 Sterling File Gateway | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. | |||||
| CVE-2018-1612 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-10-09 | 5.0 MEDIUM | 5.8 MEDIUM |
| IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164. | |||||
| CVE-2018-1380 | 1 Ibm | 1 Infosphere Master Data Management | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change their ca-id to another user's and read sensitive information. IBM X-Force ID: 138077. | |||||
| CVE-2018-1548 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657. | |||||
| CVE-2018-1052 | 1 Postgresql | 1 Postgresql | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. | |||||
| CVE-2018-1546 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650. | |||||
| CVE-2018-1175 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the interactive attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5438. | |||||
| CVE-2018-1393 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378. | |||||
| CVE-2018-17917 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps. | |||||
| CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | |||||
| CVE-2018-16883 | 1 Fedoraproject | 1 Sssd | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. | |||||
| CVE-2018-17244 | 1 Elastic | 1 Elasticsearch | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to. | |||||
| CVE-2018-17482 | 1 Jollytech | 1 Lobby Track | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information. | |||||
| CVE-2018-17483 | 1 Jollytech | 1 Lobby Track | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information. | |||||
| CVE-2018-15800 | 1 Cloud Foundry | 1 Bits Service | 2019-10-09 | 3.5 LOW | 6.8 MEDIUM |
| Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage. | |||||
| CVE-2018-15432 | 1 Cisco | 1 Prime Infrastructure | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. | |||||
| CVE-2018-14803 | 1 Philips | 2 E-alert, E-alert Firmware | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. | |||||
| CVE-2018-15765 | 1 Dell | 1 Emc Secure Remote Services | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks. | |||||
| CVE-2018-15615 | 1 Avaya | 1 Call Management System Supervisor | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the Supervisor component of Avaya Call Management System allows a local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | |||||
| CVE-2018-15433 | 1 Cisco | 1 Prime Infrastructure | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. | |||||
| CVE-2018-14597 | 1 Broadcom | 2 Ca Identity Governance, Ca Identity Suite Virtual Appliance | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. | |||||
| CVE-2018-13281 | 1 Synology | 3 Diskstation Manager, Skynas, Vs960hd | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. | |||||
| CVE-2018-13288 | 1 Synology | 1 File Station | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | |||||
| CVE-2018-13291 | 1 Synology | 1 Diskstation Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2018-13811 | 1 Siemens | 1 Simatic Step 7 (tia Portal) | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-13294 | 1 Synology | 1 Application Service | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | |||||
| CVE-2018-14316 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6351. | |||||
| CVE-2018-13297 | 1 Synology | 1 Drive | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | |||||
| CVE-2018-13295 | 1 Synology | 1 Application Service | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | |||||
| CVE-2018-13289 | 1 Synology | 1 Router Manager | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | |||||
| CVE-2018-13290 | 1 Synology | 1 Router Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | |||||
| CVE-2018-13991 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images. | |||||
| CVE-2018-13292 | 1 Synology | 1 Router Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2018-10890 | 1 Moodle | 1 Moodle | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. | |||||
| CVE-2018-11621 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896. | |||||
| CVE-2018-10919 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | |||||
| CVE-2018-11620 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5756. | |||||
| CVE-2018-10498 | 1 Samsung | 1 Samsung Email | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329. | |||||
| CVE-2018-0111 | 1 Cisco | 1 Webex Meetings Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCvg46806. | |||||
| CVE-2018-0187 | 1 Cisco | 1 Identity Services Engine | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system. | |||||
| CVE-2017-9628 | 1 Saia Burgess Controls | 2 Pcd Controllers, Pcd Controllers Firmware | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents. | |||||
| CVE-2017-8441 | 1 Elastic | 1 X-pack | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. | |||||
| CVE-2018-0014 | 1 Juniper | 1 Screenos | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25. | |||||
| CVE-2017-8442 | 1 Elastic | 1 X-pack | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details. | |||||
| CVE-2017-8449 | 1 Elastic | 1 X-pack | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index. | |||||
