Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6417 | 1 Linux | 1 Linux Kernel | 2018-10-30 | 7.2 HIGH | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | |||||
| CVE-2007-0058 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2018-10-30 | 7.8 HIGH | N/A |
| Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. | |||||
| CVE-2013-3380 | 1 Cisco | 1 Secure Access Control Server Solution Engine | 2018-10-30 | 4.0 MEDIUM | N/A |
| The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. | |||||
| CVE-2018-15697 | 1 Asustor | 1 Data Master | 2018-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. | |||||
| CVE-2018-15696 | 1 Asustor | 1 Data Master | 2018-10-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | |||||
| CVE-2018-15698 | 1 Asustor | 1 Data Master | 2018-10-30 | 6.8 MEDIUM | 6.5 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | |||||
| CVE-2018-18655 | 1 Prayer Project | 1 Prayer | 2018-10-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. | |||||
| CVE-2018-7938 | 1 Huawei | 2 P10, P10 Firmware | 2018-10-26 | 4.3 MEDIUM | 3.3 LOW |
| P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak. | |||||
| CVE-2008-0367 | 1 Mozilla | 1 Firefox | 2018-10-26 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | |||||
| CVE-2007-5022 | 1 Ibm | 1 Tivoli Storage Manager Client | 2018-10-26 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616. | |||||
| CVE-2018-1353 | 1 Fortinet | 1 Fortimanager | 2018-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. | |||||
| CVE-2014-6048 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-10-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. | |||||
| CVE-2018-14079 | 1 Wi2be | 2 Smart Hp, Smart Hp Wmt | 2018-10-23 | 5.0 MEDIUM | 7.5 HIGH |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. | |||||
| CVE-2007-2748 | 1 Php | 1 Php | 2018-10-19 | 4.3 MEDIUM | N/A |
| The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | |||||
| CVE-2006-0861 | 1 Michael Salzer | 1 Guestbox | 2018-10-19 | 5.0 MEDIUM | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog. | |||||
| CVE-2016-4047 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed. | |||||
| CVE-2016-4027 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-19 | 3.5 LOW | 3.5 LOW |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account. | |||||
| CVE-2006-0103 | 1 Ralph Capper | 1 Tinyphpforum | 2018-10-19 | 5.0 MEDIUM | N/A |
| TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. | |||||
| CVE-2005-4368 | 1 Roundcube | 1 Webmail | 2018-10-19 | 5.0 MEDIUM | N/A |
| roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | |||||
| CVE-2005-4320 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-19 | 5.0 MEDIUM | N/A |
| Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message. | |||||