Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10729 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2018-06-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user. | |||||
| CVE-2018-1276 | 1 Pivotal Software | 1 Windows Stemcells | 2018-06-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials. | |||||
| CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2018-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2018-8207 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-06-18 | 1.9 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121. | |||||
| CVE-2017-0627 | 1 Linux | 1 Linux Kernel | 2018-06-16 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. | |||||
| CVE-2018-6254 | 1 Google | 1 Android | 2018-06-14 | 2.1 LOW | 3.3 LOW |
| In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. | |||||
| CVE-2018-10770 | 1 Annigroup | 2 5 In 1 Xvr, 5 In 1 Xvr Firmware | 2018-06-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password. | |||||
| CVE-2018-6246 | 1 Google | 1 Android | 2018-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. | |||||
| CVE-2017-13143 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. | |||||
| CVE-2013-4209 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2018-06-13 | 2.1 LOW | 3.3 LOW |
| Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. | |||||
| CVE-2018-1000176 | 1 Jenkins | 1 Email Extension | 2018-06-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password. | |||||
| CVE-2018-10581 | 1 Octopus | 1 Octopus Deploy | 2018-06-13 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment. | |||||
| CVE-2018-8141 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-06-13 | 1.9 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127. | |||||
| CVE-2018-10734 | 1 Kongtop | 10 A303, A303 Firmware, A403 and 7 more | 2018-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. | |||||
| CVE-2018-6921 | 1 Freebsd | 1 Freebsd | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | |||||
| CVE-2018-6920 | 1 Freebsd | 1 Freebsd | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | |||||
| CVE-2018-8860 | 1 Vecna | 2 Vgo, Vgo Firmware | 2018-06-13 | 3.3 LOW | 6.5 MEDIUM |
| In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. | |||||
| CVE-2018-8127 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141. | |||||
| CVE-2014-0872 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-06-13 | 1.5 LOW | 4.1 MEDIUM |
| The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. | |||||
| CVE-2016-5250 | 1 Mozilla | 1 Firefox | 2018-06-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | |||||
| CVE-2016-4655 | 1 Apple | 1 Iphone Os | 2018-06-08 | 7.1 HIGH | 5.5 MEDIUM |
| The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. | |||||
| CVE-2018-1468 | 1 Ibm | 1 Api Connect | 2018-06-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. | |||||
| CVE-2017-1743 | 1 Ibm | 1 Websphere Application Server | 2018-06-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. | |||||
| CVE-2018-8160 | 1 Microsoft | 4 Office, Office Compatibility Pack, Sharepoint Server and 1 more | 2018-06-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. | |||||
| CVE-2017-1734 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-06-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915. | |||||
| CVE-2018-8163 | 1 Microsoft | 2 Excel, Office | 2018-06-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel. | |||||
| CVE-2018-8123 | 1 Microsoft | 1 Edge | 2018-06-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021. | |||||
| CVE-2017-1725 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-06-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820. | |||||
| CVE-2014-0882 | 1 Ibm | 16 Flex System Manager 7955, Flex System Manager 8731, Flex System X220 and 13 more | 2018-06-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149. | |||||
| CVE-2017-17449 | 1 Linux | 1 Linux Kernel | 2018-05-31 | 1.9 LOW | 4.7 MEDIUM |
| The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. | |||||
| CVE-2017-1116 | 1 Ibm | 1 Campaign | 2018-05-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154. | |||||
| CVE-2018-8880 | 1 Lutron | 2 Quantum Bacnet Integration, Quantum Bacnet Integration Firmware | 2018-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. | |||||
| CVE-2018-6919 | 1 Freebsd | 1 Freebsd | 2018-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data. | |||||
| CVE-2018-10516 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-05-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory. | |||||
| CVE-2018-10522 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-05-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | |||||
| CVE-2018-10523 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-05-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. | |||||
| CVE-2018-7930 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2018-05-24 | 2.9 LOW | 5.7 MEDIUM |
| The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks. | |||||
| CVE-2016-8220 | 1 Pivotal Software | 1 Gemfire | 2018-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route. | |||||
| CVE-2018-10189 | 1 Mautic | 1 Mautic | 2018-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled. | |||||
| CVE-2017-15327 | 1 Huawei | 6 S12700, S12700 Firmware, S7700 and 3 more | 2018-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure. | |||||
| CVE-2018-7244 | 1 Schneider-electric | 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more | 2018-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained. | |||||
| CVE-2018-10219 | 1 Baijiacms Project | 1 Baijiacms | 2018-05-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. | |||||
| CVE-2014-0912 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2018-05-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. | |||||
| CVE-2014-6112 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2018-05-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. | |||||
| CVE-2014-6109 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2018-05-22 | 3.5 LOW | 5.3 MEDIUM |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. | |||||
| CVE-2014-6108 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2018-05-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. | |||||
| CVE-2014-4782 | 1 Ibm | 1 Infosphere Biginsights | 2018-05-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029. | |||||
| CVE-2017-3776 | 1 Lenovo | 1 Lenovo Help | 2018-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | |||||
| CVE-2018-9126 | 1 Zldnn | 1 Dnnarticle | 2018-05-22 | 5.0 MEDIUM | 9.8 CRITICAL |
| The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. | |||||
| CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2018-05-21 | 6.4 MEDIUM | 8.2 HIGH |
| In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | |||||