Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16539 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | |||||
| CVE-2018-16264 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2018-16078 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-12130 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware | 2023-11-07 | 4.7 MEDIUM | 5.6 MEDIUM |
| Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
| CVE-2018-12716 | 1 Google | 4 Chromecast, Chromecast Firmware, Home and 1 more | 2023-11-07 | 3.3 LOW | 4.3 MEDIUM |
| The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | |||||
| CVE-2018-12126 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware | 2023-11-07 | 4.7 MEDIUM | 5.6 MEDIUM |
| Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2023-11-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | |||||
| CVE-2018-14348 | 3 Debian, Fedoraproject, Libcgroup Project | 3 Debian Linux, Fedora, Libcgroup | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | |||||
| CVE-2018-12127 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware | 2023-11-07 | 4.7 MEDIUM | 5.6 MEDIUM |
| Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
| CVE-2018-11469 | 2 Canonical, Haproxy | 2 Ubuntu Linux, Haproxy | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | |||||
| CVE-2018-11783 | 1 Apache | 1 Traffic Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. | |||||
| CVE-2018-10583 | 5 Apache, Canonical, Debian and 2 more | 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | |||||
| CVE-2018-11645 | 1 Artifex | 1 Ghostscript | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | |||||
| CVE-2017-9794 | 1 Apache | 1 Geode | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | |||||
| CVE-2017-9280 | 1 Netiq | 1 Identity Manager | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | |||||
| CVE-2017-9795 | 1 Apache | 1 Geode | 2023-11-07 | 6.0 MEDIUM | 7.5 HIGH |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution. | |||||
| CVE-2017-9284 | 1 Netiq | 1 Identity Manager | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | |||||
| CVE-2017-9796 | 1 Apache | 1 Geode | 2023-11-07 | 3.5 LOW | 5.3 MEDIUM |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | |||||
| CVE-2017-9797 | 1 Apache | 1 Geode | 2023-11-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster. | |||||
| CVE-2017-9788 | 6 Apache, Apple, Debian and 3 more | 16 Http Server, Mac Os X, Debian Linux and 13 more | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | |||||