Total: 7102 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15327 | 1 Huawei | 6 S12700, S12700 Firmware, S7700 and 3 more | 2018-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by an authenticated user. A successful exploit could cause information disclosure. | |||||
CVE-2018-7244 | 1 Schneider-electric | 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more | 2018-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained. | |||||
CVE-2018-10219 | 1 Baijiacms Project | 1 Baijiacms | 2018-05-22 | 5.0 MEDIUM | 5.3 MEDIUM |
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. | |||||
CVE-2014-0912 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2018-05-22 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. | |||||
CVE-2014-6112 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2018-05-22 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. | |||||
CVE-2014-6109 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2018-05-22 | 3.5 LOW | 5.3 MEDIUM |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. | |||||
CVE-2014-6108 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2018-05-22 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. | |||||
CVE-2014-4782 | 1 Ibm | 1 Infosphere Biginsights | 2018-05-22 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029. | |||||
CVE-2017-3776 | 1 Lenovo | 1 Lenovo Help | 2018-05-22 | 5.0 MEDIUM | 7.5 HIGH |
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | |||||
CVE-2018-9126 | 1 Zldnn | 1 Dnnarticle | 2018-05-22 | 5.0 MEDIUM | 9.8 CRITICAL |
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. | |||||
CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2018-05-21 | 6.4 MEDIUM | 8.2 HIGH |
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | |||||
CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2018-05-18 | 5.0 MEDIUM | 5.3 MEDIUM |
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | |||||
CVE-2018-10245 | 1 Awstats | 1 Awstats | 2018-05-18 | 5.0 MEDIUM | 5.3 MEDIUM |
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters. | |||||
CVE-2015-5073 | 2 Ibm, Pcre | 2 Powerkvm, Pcre | 2018-05-18 | 6.4 MEDIUM | 9.1 CRITICAL |
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. | |||||
CVE-2015-0172 | 1 Ibm | 1 Security Siteprotector System | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927. | |||||
CVE-2015-1957 | 1 Ibm | 1 Websphere Mq | 2018-05-17 | 3.5 LOW | 5.3 MEDIUM |
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482. | |||||
CVE-2017-16741 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2018-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information. | |||||
CVE-2018-0892 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2018-05-16 | 4.3 MEDIUM | 4.3 MEDIUM |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998. | |||||
CVE-2014-2359 | 1 Oleumtech | 4 Ad1, Ad1 Firmware, Ft1 and 1 more | 2018-05-15 | 4.3 MEDIUM | 5.9 MEDIUM |
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data. | |||||
CVE-2018-1000148 | 1 Jenkins | 1 Copy To Slave | 2018-05-15 | 4.0 MEDIUM | 6.5 MEDIUM |
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system. | |||||