Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1752 | 1 Ibm | 1 Urbancode Deploy | 2018-06-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. | |||||
| CVE-2018-8714 | 1 Honeywell | 1 Matrikonopc Explorer | 2018-06-27 | 3.6 LOW | 6.1 MEDIUM |
| Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. | |||||
| CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2018-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. | |||||
| CVE-2018-11435 | 1 Libmobi Project | 1 Libmobi | 2018-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | |||||
| CVE-2018-11437 | 1 Libmobi Project | 1 Libmobi | 2018-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | |||||
| CVE-2018-1135 | 1 Moodle | 1 Moodle | 2018-06-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. | |||||
| CVE-2017-7812 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-7842 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57. | |||||
| CVE-2017-7831 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57. | |||||
| CVE-2018-5114 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5115 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5108 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5106 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5118 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5119 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-10652 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. | |||||
| CVE-2018-11327 | 1 Joomla | 1 Joomla\! | 2018-06-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | |||||
| CVE-2018-4925 | 4 Adobe, Apple, Google and 1 more | 5 Digital Editions, Iphone Os, Mac Os X and 2 more | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-0147 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability." | |||||
| CVE-2018-10729 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2018-06-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user. | |||||