Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19962 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2023-11-07 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | |||||
| CVE-2018-19643 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19120 | 1 Kde | 1 Kde Applications | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | |||||
| CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | |||||
| CVE-2018-18590 | 1 Microfocus | 1 Operations Bridge | 2023-11-07 | 5.8 MEDIUM | 8.8 HIGH |
| A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. | |||||
| CVE-2018-18073 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2023-11-07 | 4.3 MEDIUM | 6.3 MEDIUM |
| Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | |||||
| CVE-2018-17956 | 1 Opensuse | 1 Yast2-samba-provision | 2023-11-07 | 2.1 LOW | 7.8 HIGH |
| In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list | |||||
| CVE-2018-17468 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | |||||
| CVE-2018-16539 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | |||||
| CVE-2018-16264 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2018-16078 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-14348 | 3 Debian, Fedoraproject, Libcgroup Project | 3 Debian Linux, Fedora, Libcgroup | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | |||||
| CVE-2018-12716 | 1 Google | 4 Chromecast, Chromecast Firmware, Home and 1 more | 2023-11-07 | 3.3 LOW | 4.3 MEDIUM |
| The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | |||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2023-11-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | |||||
| CVE-2018-12130 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware | 2023-11-07 | 4.7 MEDIUM | 5.6 MEDIUM |
| Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
| CVE-2018-12127 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware | 2023-11-07 | 4.7 MEDIUM | 5.6 MEDIUM |
| Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
| CVE-2018-12126 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware | 2023-11-07 | 4.7 MEDIUM | 5.6 MEDIUM |
| Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
| CVE-2018-11783 | 1 Apache | 1 Traffic Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. | |||||
| CVE-2018-11645 | 1 Artifex | 1 Ghostscript | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | |||||
| CVE-2018-11469 | 2 Canonical, Haproxy | 2 Ubuntu Linux, Haproxy | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | |||||