Total
7102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12907 | 1 Rclone | 1 Rclone | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | |||||
CVE-2018-12921 | 1 Electroind | 2 Gaugetech Nexus, Gaugetech Nexus Firmware | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | |||||
CVE-2018-12927 | 1 Northernnep | 2 Northern Electric & Power Inverter, Northern Electric & Power Inverter Firmware | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | |||||
CVE-2018-12926 | 1 Pharoscontrols | 2 Pharos, Pharos Firmware | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | |||||
CVE-2018-12735 | 1 Saj-electric | 1 Saj Solar Inverter | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | |||||
CVE-2018-12990 | 1 Phpwcms | 1 Phpwcms | 2018-08-28 | 5.0 MEDIUM | 5.3 MEDIUM |
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | |||||
CVE-2018-7776 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-28 | 4.3 MEDIUM | 4.3 MEDIUM |
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data. | |||||
CVE-2017-15099 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2018-08-28 | 4.0 MEDIUM | 6.5 MEDIUM |
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. | |||||
CVE-2017-15098 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2018-08-28 | 5.5 MEDIUM | 8.1 HIGH |
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. | |||||
CVE-2018-12908 | 1 Brynamics | 1 Brynamics | 2018-08-27 | 5.0 MEDIUM | 9.8 CRITICAL |
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | |||||
CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2018-08-27 | 4.3 MEDIUM | 8.1 HIGH |
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a JavaScript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | |||||
CVE-2017-14991 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 2.1 LOW | 5.5 MEDIUM |
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. | |||||
CVE-2017-16911 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 1.9 LOW | 4.7 MEDIUM |
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. | |||||
CVE-2017-2584 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 3.6 LOW | 7.1 HIGH |
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | |||||
CVE-2018-12592 | 1 Polycom | 1 Realpresence Web Suite | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. | |||||
CVE-2018-1000609 | 1 Jenkins | 1 Configuration As Code | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | |||||
CVE-2018-12435 | 1 Botan Project | 1 Botan | 2018-08-22 | 1.9 LOW | 5.9 MEDIUM |
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||
CVE-2018-0575 | 1 Basercms | 1 Basercms | 2018-08-21 | 5.0 MEDIUM | 5.3 MEDIUM |
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | |||||
CVE-2018-0584 | 1 Iij | 1 Smartkey | 2018-08-21 | 5.0 MEDIUM | 7.5 HIGH |
IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors. | |||||
CVE-2018-10663 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. |