Total: 7102 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6608 | 1 Opera | 1 Opera Browser | 2018-04-23 | 4.3 MEDIUM | 4.3 MEDIUM |
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. | |||||
CVE-2017-17769 | 1 Google | 1 Android | 2018-04-23 | 2.1 LOW | 5.5 MEDIUM |
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver. | |||||
CVE-2017-9681 | 1 Google | 1 Android | 2018-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. | |||||
CVE-2018-9014 | 1 Dsmall Project | 1 Dsmall | 2018-04-20 | 5.0 MEDIUM | 7.5 HIGH |
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | |||||
CVE-2014-5450 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2018-04-20 | 2.1 LOW | 5.5 MEDIUM |
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. | |||||
CVE-2014-2885 | 1 Truecrypt Project | 1 Truecrypt | 2018-04-20 | 3.6 LOW | 7.1 HIGH |
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. | |||||
CVE-2014-2884 | 1 Truecrypt Project | 1 Truecrypt | 2018-04-20 | 2.1 LOW | 3.3 LOW |
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. | |||||
CVE-2018-1234 | 1 Rsa | 1 Authentication Agent For Web | 2018-04-20 | 2.1 LOW | 5.5 MEDIUM |
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. | |||||
CVE-2015-5016 | 1 Ibm | 14 Change And Configuration Management Database, Control Desk, Maximo Asset Management and 11 more | 2018-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. | |||||
CVE-2015-7424 | 1 Ibm | 1 Infosphere Master Data Management | 2018-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780. | |||||
CVE-2015-7401 | 1 Ibm | 1 Curam Social Program Management | 2018-04-19 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106. | |||||
CVE-2017-7630 | 1 Qnap | 1 Qts | 2018-04-18 | 5.0 MEDIUM | 5.3 MEDIUM |
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi. | |||||
CVE-2018-3626 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2018-04-18 | 1.9 LOW | 4.7 MEDIUM |
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information. | |||||
CVE-2015-7434 | 1 Ibm | 1 Capacity Management Analytics | 2018-04-18 | 2.1 LOW | 7.8 HIGH |
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863. | |||||
CVE-2015-7433 | 1 Ibm | 1 Capacity Management Analytics | 2018-04-18 | 2.1 LOW | 7.8 HIGH |
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862. | |||||
CVE-2015-7432 | 1 Ibm | 1 Capacity Management Analytics | 2018-04-18 | 2.1 LOW | 7.8 HIGH |
IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861. | |||||
CVE-2017-0748 | 1 Google | 1 Android | 2018-04-17 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798. | |||||
CVE-2018-9922 | 1 Icmsdev | 1 Icms | 2018-04-17 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. | |||||
CVE-2017-12169 | 1 Freeipa | 1 Freeipa | 2018-04-17 | 4.0 MEDIUM | 7.5 HIGH |
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability. | |||||
CVE-2018-10082 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 5.0 MEDIUM | 5.3 MEDIUM |
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. |