Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2023-11-07 | 3.5 LOW | 5.3 MEDIUM |
| In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. | |||||
| CVE-2018-6672 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | |||||
| CVE-2018-6487 | 1 Microfocus | 1 Universal Cmdb Foundation Software | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information. | |||||
| CVE-2018-6179 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | |||||
| CVE-2018-6177 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6168 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-6164 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6159 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-6150 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6147 | 4 Apple, Debian, Google and 1 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. | |||||
| CVE-2018-6137 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6134 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. | |||||
| CVE-2018-6117 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-6109 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. | |||||
| CVE-2018-6099 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6095 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. | |||||
| CVE-2018-6093 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6082 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 4.7 MEDIUM |
| Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. | |||||
| CVE-2018-6079 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6077 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||