Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8425 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | |||||
| CVE-2018-8477 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622. | |||||
| CVE-2018-8486 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8506 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 1.9 LOW | 5.5 MEDIUM |
| An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | |||||
| CVE-2018-8514 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8545 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | |||||
| CVE-2018-8546 | 1 Microsoft | 6 Lync, Lync Basic, Office and 3 more | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype. | |||||
| CVE-2018-8563 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. | |||||
| CVE-2018-8564 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | |||||
| CVE-2018-8578 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint. | |||||
| CVE-2018-8579 | 1 Microsoft | 2 Office, Office 365 Proplus | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558. | |||||
| CVE-2018-8595 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8596. | |||||
| CVE-2018-8596 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595. | |||||
| CVE-2018-8598 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2020-08-24 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627. | |||||
| CVE-2018-8621 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Server 2012 | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622. | |||||
| CVE-2018-8622 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621. | |||||
| CVE-2018-8627 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598. | |||||
| CVE-2018-9039 | 1 Octopus | 1 Octopus Deploy | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments. | |||||
| CVE-2018-9137 | 1 Open-audit | 1 Open-audit | 2020-08-24 | 3.5 LOW | 6.8 MEDIUM |
| Open-AudIT before 2.2 has CSV Injection. | |||||
| CVE-2018-9457 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376 | |||||
| CVE-2018-9499 | 1 Google | 1 Android | 2020-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474 | |||||
| CVE-2018-9509 | 1 Google | 1 Android | 2020-08-24 | 6.1 MEDIUM | 6.5 MEDIUM |
| In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027 | |||||
| CVE-2018-9510 | 1 Google | 1 Android | 2020-08-24 | 6.1 MEDIUM | 6.5 MEDIUM |
| In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065 | |||||
| CVE-2018-9548 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574. | |||||
| CVE-2018-9594 | 1 Google | 1 Android | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157. | |||||
| CVE-2019-0016 | 1 Juniper | 1 Junos Space | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. | |||||
| CVE-2019-1000 | 1 Microsoft | 1 Azure Active Directory Connect | 2020-08-24 | 3.5 LOW | 5.3 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1000002 | 1 Gitea | 1 Gitea | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2. | |||||
| CVE-2019-1000011 | 1 Api-platform | 1 Core | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6. | |||||
| CVE-2019-1000017 | 1 Chamilo | 1 Chamilo Lms | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. | |||||
| CVE-2019-1000020 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. | |||||
| CVE-2019-10014 | 1 Dedecms | 1 Dedecms | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | |||||
| CVE-2019-1002100 | 1 Kubernetes | 1 Kubernetes | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. | |||||
| CVE-2019-10046 | 1 Pydio | 1 Pydio | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information. | |||||
| CVE-2019-10065 | 1 Otrs | 1 Otrs | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753. | |||||
| CVE-2019-1008 | 1 Microsoft | 2 Dynamics 365, Dynamics Crm 2015 | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'. | |||||
| CVE-2019-10093 | 1 Apache | 1 Tika | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later. | |||||
| CVE-2019-1010069 | 1 Moinejf | 1 Abcm2ps | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae. | |||||
| CVE-2019-1010084 | 1 Dancer\ | 1 \ | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes. | |||||
| CVE-2019-0093 | 1 Intel | 1 Converged Security And Management Engine | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0098 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-08-24 | 7.2 HIGH | 6.8 MEDIUM |
| Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2019-0099 | 1 Intel | 1 Server Platform Services Firmware | 2020-08-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2019-0103 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0104 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0107 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0108 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. | |||||
| CVE-2019-0110 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0111 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0117 | 1 Intel | 326 Core I5-7200u, Core I5-7200u Firmware, Core I5-7260u and 323 more | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0120 | 1 Intel | 56 Atom 230, Atom 230 Firmware, Atom 330 and 53 more | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. | |||||