Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8919 | 1 Synology | 1 Diskstation Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | |||||
| CVE-2018-7496 | 1 Osisoft | 1 Pi Vision | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. | |||||
| CVE-2018-7360 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. | |||||
| CVE-2018-6559 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. | |||||
| CVE-2018-5477 | 1 Abb | 1 Netcadops | 2019-10-09 | 5.0 MEDIUM | 5.8 MEDIUM |
| An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. | |||||
| CVE-2018-5467 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2019-10-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. | |||||
| CVE-2018-5436 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. | |||||
| CVE-2018-4861 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-4835 | 1 Siemens | 1 Telecontrol Server Basic | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. | |||||
| CVE-2018-3826 | 1 Elastic | 1 Elasticsearch | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. | |||||
| CVE-2018-3817 | 1 Elastic | 1 Logstash | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | |||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 4 Debian Linux, Cloudforms, Enterprise Linux and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | |||||
| CVE-2018-2402 | 1 Sap | 1 Hana | 2019-10-09 | 3.5 LOW | 8.4 HIGH |
| In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. | |||||
| CVE-2018-2026 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552. | |||||
| CVE-2018-2009 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148. | |||||
| CVE-2018-2005 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007 | |||||
| CVE-2018-1999 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889. | |||||
| CVE-2018-1993 | 1 Ibm | 1 Spectrum Scale | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440. | |||||
| CVE-2018-1991 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 2.7 LOW |
| IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284. | |||||
| CVE-2018-1976 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031. | |||||